
WO2025060637A1 - Central gateway controller and data processing method - Google Patents

Central gateway controller and data processing method

Info

Publication number
WO2025060637A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
vehicle
component
interface
switch chip
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
PCT/CN2024/106023
Inventor
刘超
王硕
李家玲
李长龙
周时莹
肖心刚
李娜
马天龙
王天骄
赵芷蕊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
FAW Group Corp
Original Assignee
FAW Group Corp
Application filed by FAW Group Corp

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00: Data switching networks
    • H04L12/28: Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40: Bus networks
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00: Data switching networks
    • H04L12/66: Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/12: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L67/125: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks involving control of end-device applications over a network
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40: Network security protocols

Definitions

  • the present disclosure relates to the field of network communication technology, and in particular to a central gateway controller and a data processing method.
  • the central gateway controller or central intelligent domain controller plays an important role in the routing of the Controller Area Network (CAN)/Local Interconnect Network (LIN)/Ethernet hybrid network.
  • in Ethernet communication routing, the data exchange and forwarding functions need to be completed through the switch chip.
  • in addition to completing data exchange through the switch chip, the central gateway controller also needs to consider data analysis and security protection issues.
  • the purpose of the embodiments of the present disclosure is to provide a central gateway controller and a data processing method to solve the problem in the prior art that a switch chip transmits a large amount of data to a main control chip, which increases the load on the main control chip and leads to technical problems such as delay and bandwidth waste.
  • a central gateway controller includes a switch chip, the switch chip has multiple data transmission interfaces for connecting to electronic control components of a vehicle, the switch chip includes a data exchange component, a hardware acceleration component and a data processing component, the data exchange component is configured to send and receive vehicle-mounted data of the vehicle through the data transmission interface, the hardware acceleration component is configured to analyze the vehicle-mounted data to obtain analysis results; the data processing component is configured to perform network security detection on the vehicle according to the analysis results of the hardware acceleration component.
  • the data exchange component is further configured to send the vehicle data to be analyzed to the hardware acceleration component according to preset analysis rules and/or configuration parameters;
  • the hardware acceleration component is configured to analyze the vehicle data to be analyzed according to a preset deep learning model to obtain an analysis result
  • the data processing component is configured to update the data exchange rules of the data exchange component in response to the detected analysis result indicating the existence of a network threat.
  • the data exchange component includes an acquisition component configured to acquire the vehicle data to be analyzed based on the data type of the vehicle data, the data type including Transmission Control Protocol (TCP) data and User Datagram Protocol (UDP) data.
  • the central gateway controller further includes a memory configured to store the vehicle data received by the data exchange component in response to detecting that the analysis result indicates that no network threat exists.
  • the central gateway controller also includes a main control chip connected to the switch chip, and the main control chip and the switch chip are connected via a high-speed serial interface (such as a PCIe interface) or a gigabit media independent interface (RGMII interface).
  • the data transmission interface is a physical layer (Physical Layer, referred to as PHY) Ethernet physical interface
  • the on-board data is on-board Ethernet data.
  • the data transmission interface also includes at least one of a CAN interface, a LIN interface, another CAN interface (such as a CANFD interface), a real-time communication protocol interface (such as a FlexRay interface), and a local area network transmission protocol interface (such as an Ethernet interface).
  • the disclosed embodiment also provides a data processing method, which is applied to a switch chip of a central gateway controller, wherein the switch chip has a plurality of data transmission interfaces for connecting to an electronic control component of a vehicle, and the method comprises:
  • the vehicle is tested for network security.
  • the method further comprises:
  • the method further includes: acquiring the vehicle-mounted data to be analyzed according to preset analysis rules and/or configuration parameters;
  • the vehicle data to be analyzed is analyzed to obtain the analysis results
  • the vehicle is tested for network security, including:
  • the data exchange rules of the data exchange component are updated.
  • a network security check is performed on the vehicle, including: in response to the detected analysis result that no network threat exists, storing the vehicle data received by the data exchange component.
  • the method further includes: acquiring the vehicle-mounted data to be analyzed according to a data type of the vehicle-mounted data, wherein the data type includes Transmission Control Protocol TCP data and User Datagram Protocol UDP data.
  • the central gateway controller and data processing method provided by the embodiments of the present disclosure can complete the analysis and security protection of the data of each electronic control component inside the switch chip by setting a data exchange component, a hardware acceleration component and a data processing component in the switch chip of the central gateway controller, reduce the calculation load of the main control chip, and improve the performance of the central gateway controller; at the same time, by performing data analysis and processing in the switch chip, the data delay caused by a large amount of data transmission between the switch chip and the main control chip can be reduced, the real-time performance of data transmission and processing can be achieved, the response speed of each component of the central gateway controller can be improved, and the bandwidth requirement between the switch chip and the main control chip can be reduced, so as to ensure the main control chip's processing of other functional data.
  • FIG. 1 is an architecture diagram of a central gateway controller according to an embodiment of the present disclosure.
  • FIG. 2 is a flow chart of a data processing method according to an embodiment of the present disclosure.
  • FIG. 3 is a flow chart of another data processing method according to an embodiment of the present disclosure.
  • FIG. 4 is a schematic diagram of the structure of a processor according to an embodiment of the present disclosure.
  • FIG. 5 is a flowchart of a computer program product according to an embodiment of the present disclosure.
  • FIG. 6 is a flow chart of a computer-readable storage medium according to an embodiment of the present disclosure.
  • FIG. 7 is a flow chart of an electronic device according to an embodiment of the present disclosure.
  • FIG. 1 is an architecture diagram of a central gateway controller of an embodiment of the present disclosure.
  • the first embodiment of the present disclosure provides a central gateway controller 10, including a switch chip 101.
  • the switch chip 101 has multiple data transmission interfaces for connecting to electronic control components of a vehicle.
  • the switch chip 101 includes a data exchange component 100, a hardware acceleration component 200 and a data processing component 300.
  • the data exchange component 100 is configured to send and receive vehicle-mounted data of the vehicle through the data transmission interface.
  • the hardware acceleration component 200 is configured to analyze the vehicle-mounted data to obtain analysis results; the data processing component 300 is configured to perform network security detection on the vehicle according to the analysis results of the hardware acceleration component 200.
  • the central gateway controller 10 is a network device used to manage and control the connection and communication of various network switching devices, and has functions such as being responsible for scheduling data traffic, providing network security and monitoring, and is a key component in the network architecture.
  • the switch chip 101 is an integrated circuit chip used in network, communication and data center equipment, and is arranged in the central gateway controller 10.
  • the data transmission interface is a physical interface used to connect different devices.
  • the switch chip 101 is connected to the first electronic control component 103, the second electronic control component 104 and the third electronic control component 105 through different data transmission interfaces, and exchanges data.
  • the switch chip 101 can be connected to different electronic control components of the same vehicle through multiple data transmission interfaces, and can also be connected to electronic control components of different vehicles.
  • the electronic control components may include an engine control component, a brake control component, a battery management control component, etc.
  • the data exchange component 100 includes an internal logic circuit for sending and receiving data according to a specific data sending and receiving rule, and transmitting the vehicle data from the electronic control component of the vehicle to the central gateway controller 10, or from the central gateway controller 10 to the electronic control component of the vehicle.
  • the hardware acceleration component 200 uses a dedicated hardware circuit to perform special processing and analysis on the vehicle data, so as to perform network security detection more efficiently. For example, the hardware acceleration component 200 can detect data abnormalities such as a sudden increase in data traffic, and transmit the above data abnormalities to the data processing component 300.
  • the data processing component 300 performs network security detection on the vehicle according to the above data abnormalities, and can promptly discover potential network security threats such as Trojans or vulnerabilities carried in the vehicle data, ensuring the communication security and information security of the vehicle. For example, it can discover and prevent unauthorized attempts to remotely access the vehicle control system, so that the vehicle control system is not attacked in a way that causes it to freeze and become unable to control the start and stop of the vehicle, etc.
  • the on-board data refers to the vehicle-related data obtained by various sensors during the driving process of the vehicle.
  • the on-board data includes the vehicle's speed data, acceleration data, steering angle data, fuel consumption data, emission data, etc., as well as vehicle location data, road condition data, weather data, traffic status data, etc.
  • the switch chip 101 including the hardware acceleration component 200 and the data processing component 300 can provide network security functions, including security detection, security access control, traffic filtering and firewalls. It can monitor and screen network traffic in real time, detect and prevent potential network security threats, and protect vehicle networks from malicious attacks and data leaks.
  • the data transmission interface is a PHY Ethernet physical interface
  • the vehicle-mounted data is vehicle-mounted Ethernet data.
  • the PHY Ethernet physical interface is a standard interface for transmitting data in a computer network. It sends data from a computer or other device to another computer or device in the network, and transmits the received data back to the sender.
  • the PHY Ethernet physical interface can transmit data in a wired or wireless manner, and is fast, stable and reliable.
  • the vehicle Ethernet data includes various sensor data of the vehicle (such as speed data, fuel data, temperature data, etc.), communication data between electronic control components, and audio and video data in the vehicle entertainment system, etc.
  • when the vehicle is driving, the vehicle sensors will collect various vehicle Ethernet data, such as speed data, steering angle data, acceleration data, etc.
  • this vehicle Ethernet data will be transmitted to the switch chip 101 through the vehicle Ethernet physical interface.
  • the vehicle entertainment system can also receive audio and video data through the PHY Ethernet physical interface, so that passengers can enjoy music, videos and other entertainment content in the car.
  • the PHY Ethernet physical interface and vehicle Ethernet data make the vehicle's data transmission and communication efficient and reliable.
  • the central gateway controller 10 further includes a main control chip 102 connected to the switch chip 101.
  • the main control chip 102 can realize other functions in addition to the above-mentioned network security functions such as network security detection and processing.
  • the network security detection function can be implemented in the switch chip 101, which can effectively reduce the data processing pressure of the main control chip 102 and reduce the data bandwidth requirement between the main control chip 102 and the switch chip 101.
  • the vehicle-mounted data corresponding to other functions can be smoothly and completely transmitted to the main control chip 102, ensuring the effective implementation of other functions, thereby ensuring that the entire vehicle-mounted network can communicate effectively.
  • the central gateway controller 10 provided in the embodiment of the present disclosure, by setting a data exchange component 100, a hardware acceleration component 200 and a data processing component 300 in the switch chip 101, completes the analysis and security protection of the data of each electronic control component inside the switch chip 101, reduces the computing load of the main control chip 102, and improves the performance of the central gateway controller 10; at the same time, by performing data analysis and processing in the switch chip 101, the data delay caused by a large amount of data transmission between the switch chip 101 and the main control chip 102 can be reduced, the real-time performance of data transmission and processing, as well as the response speed of each component of the central gateway controller 10, can be improved, and the bandwidth requirement between the switch chip 101 and the main control chip 102 can be reduced, so as to ensure that the main control chip 102 can process other functional data.
  • the data exchange component 100 is further configured to send the vehicle data to be analyzed to the hardware acceleration component 200 according to preset analysis rules and/or configuration parameters.
  • the data exchange component 100 can filter and obtain the vehicle data to be analyzed (referred to as the data to be analyzed) from the received vehicle data according to preset analysis rules and/or configuration parameters, and send the data to be analyzed to the hardware acceleration component 200 for analysis.
  • the data exchange component 100 includes an acquisition component configured to acquire the vehicle data to be analyzed according to the data type of the vehicle data, and the data type includes TCP data and UDP data. That is, the above-mentioned preset analysis rule can be the data type.
  • TCP is a reliable connection-oriented protocol that provides reliability and flow control mechanisms for data transmission.
  • TCP data is transmitted in byte stream format, and each TCP data packet has a sequence number to ensure that the data arrives at the destination in the correct order.
  • UDP is a connectionless protocol that provides a simple way to transmit data.
  • UDP data is transmitted in datagram format, and each UDP data packet has source port and destination port information, but there is no confirmation mechanism or retransmission mechanism.
  • UDP is suitable for real-time data transmission, such as audio and video streaming.
  • the acquisition component of the data exchange component 100 usually confirms the data type based on the header information of the data packet.
  • the data exchange component 100 checks the protocol field of the data packet to determine whether the data type is TCP data or UDP data.
  • for TCP data, the header of the TCP protocol contains source port and destination port fields, and the TCP data can be identified through these fields.
  • the value range of the source port and the destination port is 0-65535, and some known port numbers have been assigned to specific applications. That is, by checking the range of port numbers and the known port number list, it can be confirmed that the data type is TCP data.
  • the header of the UDP protocol also contains source port and destination port fields. By checking the value range of these fields and the known port number list, it can be confirmed that the data type is UDP data.
  • the data exchange component 100 can receive only two types of data, TCP data and UDP data, when receiving vehicle data, so that the subsequent hardware acceleration component 200 and data processing component 300 perform data processing based on more accurate data; network security detection can thus be performed more accurately and, at the same time, the data processing efficiency can be improved.
  • the preset analysis rules may be rules for identifying specific driving states of the vehicle, such as rules for identifying sudden acceleration, sudden deceleration, sharp turns, speeding, etc., so as to send the data of the special driving state as the data to be analyzed to the hardware acceleration component 200.
  • the preset analysis rules may also be data transmission ports, etc. For example, when the data exchange component 100 receives vehicle-borne data from multiple data transmission ports, the data of the preset data transmission ports may be sent to the hardware acceleration component 200 as the data to be analyzed.
  • the configuration parameters may be parameters for obtaining the data to be analyzed, such as the vehicle type, the time for obtaining the vehicle data, etc.
  • the preset analysis rules and configuration parameters can be set and adjusted according to specific vehicle data analysis needs and network security detection needs, so as to better realize vehicle data analysis and network security detection.
  • the hardware acceleration component 200 is configured to analyze the vehicle-mounted data to be analyzed according to a preset deep learning model to obtain an analysis result.
  • the hardware acceleration component 200 can analyze the data flow, data content, etc. of the data to be analyzed according to a preset deep learning model, and determine whether there is any abnormal flow or abnormal data.
  • the deep learning model may include multiple types, for example, Convolutional Neural Network (CNN), Long Short-Term Memory (LSTM), Generative Adversarial Networks (GAN), etc.
  • the data processing component 300 is configured to update the data exchange rules of the data exchange component 100 in response to the detected analysis result indicating the existence of a network threat.
  • when the data processing component 300 receives the analysis results from the hardware acceleration component 200, it analyzes the analysis results and detects whether there are network threats therein. The network threats include: remote intrusion, in which the attacker can exploit loopholes or weaknesses in the vehicle data to remotely invade the vehicle's control system, which enables the attacker to manipulate the vehicle's operation, such as controlling braking, acceleration and steering; remote control, in which the attacker can interfere with the vehicle's operation by remotely controlling the vehicle's Internet connection, which can cause the vehicle to lose control or perform operations not controlled by the driver; wireless signal interference, in which the attacker can use wireless signal interference technology to interfere with the vehicle's communication system (such as the Ethernet transmission system in this embodiment), resulting in the vehicle's communication and control functions being affected; malware and viruses, in which the vehicle system can be infected by malware, viruses or malicious code carried in the vehicle data, which leads to abnormal vehicle operation, data leakage and other security issues; data privacy issues, in which vehicles connected to the Internet can collect a
  • the data processing component 300 can perform targeted analysis on the abnormal traffic or abnormal data in the analysis results, determine whether the abnormal traffic or abnormal data carries network threats such as malware or viruses, and thus detect whether the vehicle has network security risks.
  • the data processing component 300 can also analyze the normal data transmitted by the hardware acceleration component 200. For example, after the hardware acceleration component 200 analyzes the vehicle-mounted data to be analyzed and obtains the upgrade data of the vehicle control system, the data processing component 300 can determine whether the upgrade data is the latest data, and whether the upgrade data carries malware or viruses, etc., so as to detect whether the vehicle is subject to network threats.
  • the data processing component 300 analyzes the analysis result of the hardware acceleration component 200. After determining that there is a network threat, the data processing component 300 will trigger the operation of updating the data exchange rules of the data exchange component 100. In this way, the data exchange component 100 will update the transmission strategy of the corresponding data, enhance the encryption and authentication mechanism of the data, or limit the data exchange of specific sources, etc., to improve the security of vehicle-mounted data transmission and vehicle communication.
  • the data processing component 300 detects abnormal network activity in a data packet sent by the first electronic control component 103 (for example, the analysis result of the hardware acceleration component 200 performing deep learning analysis on the vehicle-mounted data sent by the first electronic control component 103), such as a large number of unknown network connections and frequent port scanning behaviors. Based on these abnormal features, the data processing component 300 determines that there is a network threat and immediately triggers the operation of updating the data exchange rules of the data exchange component 100.
  • the updated data exchange rules may include: limiting the frequency of data exchange with the first electronic control component 103, adding an encryption mechanism for data transmission to prevent information leakage, etc. In this way, network threats can be detected and data exchange rules can be updated in a timely manner through the switch chip 101.
  • the switch chip 101 can prevent and respond to network threats in a timely and effective manner, thereby protecting the communication data security of the vehicle.
  • the central gateway controller 10 further includes a memory configured to store the vehicle data received by the data exchange component 100 in response to detecting that the analysis result indicates that no network threat exists.
  • the memory stores the vehicle data received by the data exchange component 100 when no network risk or security risk is found.
  • the above method can be used as a backup mechanism to save the vehicle data for later use during normal operation.
  • the second electronic control component 104 transmits the collected vehicle data to the switch chip 101.
  • the memory of the central gateway controller 10 will store these vehicle data and perform subsequent processing and analysis. These vehicle data can be used for traffic flow monitoring, road condition optimization, and intelligent traffic management.
  • the main control chip 102 and the switch chip 101 are connected via a PCIe interface or a RGMII interface.
  • the PCIe interface is a high-speed serial interface with very high bandwidth and low latency.
  • the PCIe interface can support multiple channels and high-speed data transmission, allowing the connected devices to quickly transmit large amounts of data.
  • the RGMII interface is a parallel interface for transmitting data. It uses 4-bit or 8-bit data lines for transmission and is synchronized according to a clock signal.
  • the RGMII interface generally supports Gigabit Ethernet (GbE) data transmission rates. These two connection methods can provide high-speed and reliable data transmission, allowing the central gateway controller 10 to effectively control and manage various devices connected to the switch chip 101.
  • the main control chip 102 is connected to the switch chip 101 through a PCIe interface, and the main control chip 102 can perform fast data transmission and communication with the switch chip 101.
  • the central gateway controller 10 can monitor and control the status and flow of each device connected to the switch chip 101 through the PCIe interface. For example, the data transmission speed between electronic control components can be monitored, and the network bandwidth can be adjusted to ensure the operation efficiency of the data center.
  • the central gateway controller 10 can also be connected to other external devices, such as storage devices or firewalls, through the PCIe interface or RGMII interface. Through these interfaces, the main control chip 102 can quickly exchange and communicate data with these devices to achieve comprehensive management and control of the entire network.
  • the data transmission interface further includes at least one of a CAN interface, a LIN interface, a CANFD interface, a FlexRay interface, and an Ethernet interface.
  • in addition to using the Ethernet interface to transmit Ethernet data, other data can also be transmitted through other types of transmission interfaces to facilitate the transmission of different vehicle-mounted data, so that the switch chip 101 can process the transmitted vehicle data.
  • the CAN interface is a highly reliable and real-time serial bus communication standard used for multi-node communication in the vehicle field.
  • the CAN interface is used to transmit vehicle control information, such as the vehicle's speed, brake status, etc.
  • the CAN interface can achieve real-time data transmission and communication between multiple nodes.
  • the LIN interface is a low-cost, low-rate serial bus communication standard, mainly used for low-rate data transmission in vehicle electronic systems.
  • the LIN interface is usually used to connect in-vehicle electronic modules, such as controlling vehicle doors and windows, seat adjustment and other functions.
  • the CANFD interface is an extended version of the CAN interface that can support higher data transmission rates and larger data loads.
  • the CANFD interface can provide higher data transmission capacity and is suitable for applications that require high-speed data transmission, such as Advanced Driver Assistance Systems (ADAS) and vehicle intelligence.
  • the FlexRay interface is a high-speed, redundant, and real-time serial bus communication standard used for real-time data transmission and communication in vehicle electronic systems. The FlexRay interface can be used to control the vehicle's safety system and advanced driver assistance system, such as the Anti-lock Braking System (ABS) and Electronic Stability Control (ESC).
  • the LAN transmission protocol interface (such as an Ethernet interface) is used as a data transmission interface. The Ethernet interface is widely used in systems such as the in-vehicle entertainment system, In-Vehicle Infotainment (IVI) and the in-vehicle communication system, and can support high-speed data transmission and applications with high real-time requirements. These data transmission interfaces have their own applications in different systems to meet the different needs of vehicle data transmission and communication.
  • FIG2 is a flow chart of a data processing method according to an embodiment of the present disclosure.
  • the data processing method is applied to the switch chip 101 of the central gateway controller 10.
  • the switch chip 101 has a plurality of data transmission interfaces for connecting to the electronic control components of the vehicle.
  • the data processing method specifically includes the following steps:
  • S101: receiving vehicle data sent by the electronic control component through the data transmission interface.
  • vehicle-mounted data refers to vehicle-related data obtained by various sensors during driving.
  • Vehicle-mounted data includes vehicle speed data, acceleration data, steering angle data, fuel consumption data, emission data, etc., as well as vehicle location data, road condition data, weather data, traffic status data, etc.
  • the multiple electronic control components can be different electronic control components of the same vehicle or different electronic control components of different vehicles.
  • the data exchange component 100 of the switch chip 101 in the central gateway controller 10 can communicate with these electronic control components through multiple data transmission interfaces.
  • the switch chip 101 receives the speed data of the engine control component through the data transmission interface.
  • the data exchange component 100 includes an internal logic circuit for sending and receiving data according to a specific data sending and receiving rule, and transmitting the vehicle data from the electronic control component of the vehicle to the central gateway controller 10, or sending the vehicle data from the central gateway controller 10 to the electronic control component of the vehicle.
  • the hardware acceleration component 200 of the switch chip 101 can quickly analyze the vehicle data, for example, to detect whether the data flow has a sudden increase or other data abnormality.
  • the data processing component 300 of the switch chip 101 can perform network security detection based on the analysis results of the hardware acceleration component 200 to determine whether there are network threats such as malware or network viruses, and promptly discover potential network security threats such as Trojans or vulnerabilities carried in the vehicle data, thereby ensuring vehicle communication security and information security.
  • the data processing method provided by the embodiment of the present disclosure can utilize the switch chip 101 of the central gateway controller 10 to receive the vehicle-mounted data sent by the electronic control component through the data transmission interface, analyze the vehicle-mounted data to obtain the analysis result, and perform network security detection on the vehicle according to the analysis result.
  • the analysis and security protection of the data of each electronic control component can be completed inside the switch chip 101, the computing load of the main control chip 102 can be reduced, and the performance of the central gateway controller 10 can be improved; at the same time, by performing data analysis and processing in the switch chip 101, the data delay caused by a large amount of data transmission between the switch chip 101 and the main control chip 102 can be reduced, the real-time performance of data transmission and processing can be achieved, the response speed of each component of the central gateway controller 10 can be improved, and the bandwidth requirement between the switch chip 101 and the main control chip 102 can be reduced, so as to ensure the processing of other functional data by the main control chip 102.
  • the method further includes:
  • the vehicle data to be analyzed is obtained.
  • the data exchange component 100 can filter the received vehicle data according to the preset analysis rules and/or configuration parameters to obtain the vehicle data to be analyzed (hereinafter referred to as the data to be analyzed), and send the data to be analyzed to the hardware acceleration component 200 for analysis.
  • the data exchange component 100 includes an acquisition component configured to acquire the vehicle data to be analyzed according to the data type of the vehicle data, and the data type includes TCP data and UDP data. That is, the above-mentioned preset analysis rule can be the data type.
  • the data exchange component 100 may only receive two types of data, TCP data and UDP data, so that the hardware acceleration component 200 and the data processing component 300 can subsequently perform data processing based on more accurate data, thereby enabling more accurate network security detection and improving data processing efficiency.
  • the preset analysis rules may be rules for identifying specific driving states of the vehicle, such as rules for identifying sudden acceleration, sudden deceleration, sharp turns, speeding, etc., so as to send data of special driving states as data to be analyzed to the hardware acceleration component 200.
  • the preset analysis rules may also be data transmission ports, etc. For example, when the data exchange component 100 receives vehicle-borne data from multiple data transmission ports, the data of the preset data transmission ports may be sent to the hardware acceleration component 200 as data to be analyzed.
  • the configuration parameters may be parameters for obtaining the data to be analyzed, such as the vehicle type, the time for obtaining the vehicle data, etc.
  • the preset analysis rules and configuration parameters can be set and adjusted according to specific vehicle data analysis needs and network security detection needs, so as to better realize vehicle data analysis and network security detection.
  • in step S102, analyzing the vehicle-mounted data to obtain analysis results includes:
  • the vehicle-mounted data to be analyzed is analyzed to obtain the analysis results.
  • the hardware acceleration component 200 can analyze the data flow, data content, etc. of the data to be analyzed according to the preset deep learning model, and determine whether there is abnormal flow or abnormal data, etc.
  • the deep learning model can include various types, such as convolutional neural networks, long short-term memory networks, generative adversarial networks, etc.
  • a network security test is performed on the vehicle, including:
  • the data exchange rules of the data exchange component 100 are updated.
  • the data processing component 300 can conduct targeted analysis on the abnormal traffic or abnormal data in the analysis results to determine whether the abnormal traffic or abnormal data carries network threats such as malware or viruses, thereby detecting whether the vehicle has network security risks.
  • the data processing component 300 can also analyze the normal data transmitted by the hardware acceleration component 200. For example, after the hardware acceleration component 200 analyzes the vehicle-mounted data to be analyzed to obtain the upgrade data of the vehicle control system, the data processing component 300 can determine whether the upgrade data is the latest data, and whether the upgrade data carries malware or viruses, etc., thereby detecting whether the vehicle has network threats.
  • the data processing component 300 detects abnormal network activity in a data packet sent by the first electronic control component 103 (for example, the analysis result of the hardware acceleration component 200 performing deep learning analysis on the vehicle-mounted data sent by the first electronic control component 103), such as a large number of unknown network connections and frequent port scanning behaviors. Based on these abnormal features, the data processing component 300 determines that there is a network threat and immediately triggers the operation of updating the data exchange rules of the data exchange component 100.
  • the updated data exchange rules may include: limiting the frequency of data exchange with the first electronic control component 103, adding an encryption mechanism for data transmission to prevent information leakage, etc. In this way, network threats can be detected and data exchange rules can be updated in a timely manner through the switch chip 101.
  • the switch chip 101 can prevent and respond to network threats in a timely and effective manner, thereby protecting the communication data security of the vehicle.
  • FIG. 3 is a flow chart of another data processing method according to an embodiment of the present disclosure. As shown in FIG. 3, the specific steps of the data processing method include:
  • the data exchange component 100 receives vehicle data from different data transmission ports
  • S203 the data exchange component 100 forwards the vehicle-mounted data of the specified protocol to the hardware acceleration component 200 according to the configuration parameters;
  • the hardware acceleration component 200 performs deep learning analysis on the vehicle-mounted data of the specified protocol
  • the hardware acceleration component 200 sends the analysis result of the deep learning model to the data processing component 300;
  • step S202 storing vehicle data
  • step S207 is executed
  • the central gateway controller 10 provided in the embodiment of the present disclosure corresponds to the data processing method in the above-mentioned embodiment. Based on the above-mentioned central gateway controller 10, technicians in this field can understand the specific implementation method of the data processing method in the embodiment of the present disclosure and its various variations. Any optional options in the embodiment of the central gateway controller 10 are also applicable to the data processing method, which will not be repeated here.
  • FIG. 4 is a schematic diagram of the structure of a processor in the embodiment of the present disclosure. As shown in Figure 4, the processor 4000 is configured to run a program, wherein the program executes the method in the above embodiment when the processor runs it.
  • the processor 4000 may execute the operating program of the method in the embodiment.
  • the processor 4000 can be configured to perform the following steps: receiving vehicle-mounted data sent by the electronic control component through a data transmission interface; analyzing the vehicle-mounted data to obtain analysis results; and performing network security testing on the vehicle based on the analysis results.
  • the processor 4000 can be configured to perform the following steps: after receiving the in-vehicle data sent by the electronic control component, the method also includes: obtaining the in-vehicle data to be analyzed according to preset analysis rules and/or configuration parameters; analyzing the in-vehicle data to obtain analysis results, including: analyzing the in-vehicle data to be analyzed according to a preset deep learning model to obtain analysis results; performing network security detection on the vehicle based on the analysis results, including: in response to the detected analysis result that there is a network threat, updating the data exchange rules of the data exchange component.
  • the processor 4000 may also be configured to perform the following steps: performing a network security check on the vehicle based on the analysis result, including: in response to the detected analysis result being that no network threat exists, storing the vehicle-mounted data received by the data exchange component.
  • the processor 4000 may also be configured to perform the following steps: obtaining the vehicle data to be analyzed according to the data type of the vehicle data, wherein the data type includes Transmission Control Protocol (TCP) data and User Datagram Protocol (UDP) data.
  • FIG. 5 is a flowchart of a computer program product according to an embodiment of the present disclosure. As shown in Figure 5, an embodiment of the present disclosure further provides a computer program product.
  • the computer program product 5000 includes a non-volatile computer-readable storage medium.
  • the non-volatile computer-readable storage medium stores a computer program. When the computer program is executed by a processor, the method provided in the embodiment of the present disclosure is implemented.
  • the embodiments of the present disclosure also provide a computer program, which implements the method provided in the embodiments of the present disclosure when the computer program is executed by a processor.
  • the computer program described above implements the following steps when executed by a processor: receiving vehicle-mounted data sent by an electronic control component through a data transmission interface; analyzing the vehicle-mounted data to obtain analysis results; and performing network security testing on the vehicle based on the analysis results.
  • the above-mentioned computer program implements the program code of the following steps when executed by the processor: after receiving the on-board data sent by the electronic control component, the method also includes: obtaining the on-board data to be analyzed according to preset analysis rules and/or configuration parameters; analyzing the on-board data to obtain analysis results, including: analyzing the on-board data to be analyzed according to a preset deep learning model to obtain analysis results; performing network security detection on the vehicle according to the analysis results, including: in response to the detected analysis result that there is a network threat, updating the data exchange rules of the data exchange component.
  • the computer program described above implements the following program code when executed by a processor: based on the analysis result, performing a network security check on the vehicle, including: in response to the detected analysis result that no network threat exists, storing the vehicle-mounted data received by the data exchange component.
  • the computer program implements the following program code when executed by the processor: obtaining the vehicle data to be analyzed according to the data type of the vehicle data, wherein the data type includes Transmission Control Protocol (TCP) data and User Datagram Protocol (UDP) data.
  • FIG. 6 is a flowchart of a computer-readable storage medium according to an embodiment of the present disclosure. As shown in FIG. 6, the present disclosure further provides a computer-readable storage medium, wherein the computer-readable medium 6000 stores a computer program, and the steps of the above method are implemented when the computer program is executed by a processor.
  • the computer-readable storage medium of the embodiments of the present disclosure may adopt any combination of one or more computer-readable media.
  • the computer-readable medium may be a computer-readable signal medium or a computer-readable storage medium.
  • the computer-readable storage medium may be, for example, but not limited to, an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination thereof.
  • the computer-readable storage medium may be any computer-readable medium that contains or stores a program.
  • the program may be used by or in conjunction with an instruction execution system, apparatus, or device, for example, the memory described above.
  • FIG. 7 is a flow chart of an electronic device according to an embodiment of the present disclosure. As shown in FIG. 7, an embodiment of the present disclosure further provides an electronic device, wherein the electronic device 7000 includes at least a memory and a processor, wherein a computer program is stored in the memory, and the processor implements the steps of the above method when executing the computer program in the memory.
  • the processor that executes the computer program may be a processing device including one or more general-purpose processing devices, such as a microprocessor, etc. More specifically, the processor may be a complex instruction set computing (CISC) microprocessor, a reduced instruction set computing (RISC) microprocessor, a very long instruction word (VLIW) microprocessor, a processor that runs other instruction sets, or a processor that runs a combination of instruction sets.
  • the processor may also be one or more special-purpose processing devices, such as an application-specific integrated circuit (ASIC), a field programmable gate array (FPGA), a digital signal processor (DSP), a system on a chip (SoC), etc.
  • the memory may be a read-only memory (ROM), a random access memory (RAM), a phase-change random access memory (PRAM), a static random access memory (SRAM), a dynamic random access memory (DRAM), an electrically erasable programmable read-only memory (EEPROM), other types of random access memory (RAM), a flash disk or other form of flash memory, a cache, a register, a static memory, a compact disk read-only memory (CD-ROM), a digital versatile disk (DVD) or other optical storage, a cassette or other magnetic storage device, or any other possible non-transitory medium used to store information or instructions that can be accessed by a computer device.
  • the electronic device is preferably a central gateway controller 10 including the above-mentioned switch chip 101, the processor includes a data exchange component 100, a hardware acceleration component 200 and a data processing component 300, and the memory is the memory of the switch chip 101.
  • the electronic device may include more or fewer components, for example, may further include a communication interface, etc., or may combine certain components, or arrange the components differently.
  • the electronic devices of the embodiments of the present disclosure may include, but are not limited to, fixed terminal devices capable of email transmission such as servers, desktop computers, digital TVs, etc., and mobile terminal devices capable of email transmission such as vehicle-mounted devices (such as vehicle-mounted multimedia devices), handheld devices (such as mobile phones, tablet computers, etc.), wearable devices (such as smart watches, smart bracelets, etc.), etc.
  • the storage medium mentioned above in the present disclosure may be a computer-readable signal medium or a computer-readable storage medium or any combination of the above two.
  • it may be, but is not limited to, an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus or device, or any combination of the above.
  • Computer-readable storage media may include, but are not limited to: an electrical connection with one or more wires, a portable computer disk, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above.
  • the solution provided by the embodiment of the present disclosure may be a central gateway controller including a switch chip, the switch chip having multiple data transmission interfaces for connecting to the electronic control components of the vehicle, the switch chip including a data exchange component, a hardware acceleration component and a data processing component, the data exchange component being configured to receive and send on-board data of the vehicle through the data transmission interface, the hardware acceleration component being configured to analyze the on-board data to obtain an analysis result; the data processing component being configured to perform network security detection on the vehicle according to the analysis result of the hardware acceleration component, thereby solving the technical problem that a large amount of data transmitted from the switch chip to the main control chip increases the load of the main control chip, causing delays and bandwidth waste, and achieving the technical effect of avoiding that increase in main control chip load and the resulting delays and bandwidth waste.


Abstract

Provided in the embodiments of the present disclosure are a central gateway controller and a data processing method. The central gateway controller comprises a switch chip, the switch chip being provided with a plurality of data transmission interfaces used for being connected to electronic control components of a vehicle. The switch chip comprises a data switching component, a hardware acceleration component and a data processing component. The data switching component is configured to send and receive vehicle-onboard data of the vehicle via the data transmission interfaces; the hardware acceleration component is configured to analyze the vehicle-onboard data to obtain an analysis result; and the data processing component is configured to perform network security detection on the vehicle on the basis of the analysis result of the hardware acceleration component. The present disclosure can complete within the switch chip the analysis and security protection for data of each electronic control component, thereby reducing the computation load of a main control chip, reducing data latency caused by mass data transmission between the switch chip and the main control chip, reducing bandwidth requirements between the switch chip and the main control chip, and ensuring processing of other functional data by the main control chip.

Description

A central gateway controller and data processing method

Cross-references

This disclosure claims priority to the Chinese patent application filed with the China Patent Office on September 19, 2023, with application number 202311212169.9 and invention title "A Central Gateway Controller and Data Processing Method", the entire contents of which are incorporated in this disclosure by reference.

Technical Field

The present disclosure relates to the field of network communication technology, and in particular to a central gateway controller and a data processing method.

Background Art

With the development of vehicle electronic and electrical architecture, the central gateway controller or central intelligent domain controller, as the communication hub in the vehicle network architecture, plays an important role in routing across the hybrid Controller Area Network (CAN) / Local Interconnect Network (LIN) / Ethernet network. For Ethernet communication routing, the data exchange and forwarding functions must be completed through the switch chip. In addition to completing data exchange through the switch chip, the central gateway controller also needs to consider data analysis and security protection.

The data analysis of the central gateway controller is usually performed on the main control chip. This solution has the following shortcomings: 1) When the switching chip (such as the switch chip) transmits massive data to the main control chip of the central gateway controller, the main control chip consumes a lot of computing resources during data analysis, thereby increasing the load of the main control chip. 2) There is a certain delay in data transmission between the switch chip and the main control chip. 3) Data transmission occupies a large amount of bandwidth, most of which carries data used by the main control chip for security protection analysis, so that less data related to other functions is transmitted to the main control chip, affecting the realization of those functions.

Summary of the Invention

The purpose of the embodiments of the present disclosure is to provide a central gateway controller and a data processing method to solve the technical problems in the prior art that a switch chip transmitting a large amount of data to a main control chip increases the load of the main control chip and leads to delay and bandwidth waste.

In order to solve the above technical problems, the embodiments of the present disclosure adopt the following technical solutions:

A central gateway controller includes a switch chip, the switch chip has multiple data transmission interfaces for connecting to electronic control components of a vehicle, the switch chip includes a data exchange component, a hardware acceleration component and a data processing component, the data exchange component is configured to send and receive vehicle-mounted data of the vehicle through the data transmission interface, the hardware acceleration component is configured to analyze the vehicle-mounted data to obtain analysis results; the data processing component is configured to perform network security detection on the vehicle according to the analysis results of the hardware acceleration component.

In some embodiments, the data exchange component is further configured to send the vehicle data to be analyzed to the hardware acceleration component according to preset analysis rules and/or configuration parameters;

The hardware acceleration component is configured to analyze the vehicle data to be analyzed according to a preset deep learning model to obtain an analysis result;

The data processing component is configured to update the data exchange rules of the data exchange component in response to the detected analysis result indicating the existence of a network threat.

In some embodiments, the data exchange component includes an acquisition component configured to acquire the vehicle data to be analyzed based on the data type of the vehicle data, the data type including Transmission Control Protocol (TCP) data and User Datagram Protocol (UDP) data.

In some embodiments, the central gateway controller further includes a memory configured to store the vehicle data received by the data exchange component in response to detecting that the analysis result indicates that no network threat exists.

In some embodiments, the central gateway controller also includes a main control chip connected to the switch chip, and the main control chip and the switch chip are connected via a high-speed serial interface (such as a PCIe interface) or a gigabit media independent interface (RGMII interface).

In some embodiments, the data transmission interface is a physical layer (PHY) Ethernet physical interface, and the on-board data is on-board Ethernet data.

In some embodiments, the data transmission interface also includes at least one of a CAN interface, a LIN interface, another CAN interface (such as a CANFD interface), a real-time communication protocol interface (such as a FlexRay interface), and a local area network transmission protocol interface (such as an Ethernet interface).

本公开实施例还提供一种数据处理方法,应用于中央网关控制器的switch芯片,switch芯片具有多个用于与车辆的电子控制组件连接的数据 传输接口,该方法包括:The disclosed embodiment also provides a data processing method, which is applied to a switch chip of a central gateway controller, wherein the switch chip has a plurality of data for connecting to an electronic control component of a vehicle. The transmission interface comprises:

通过数据传输接口接收电子控制组件发送的车载数据;receiving vehicle-mounted data sent by the electronic control component through a data transmission interface;

对车载数据进行分析,得到分析结果;Analyze the vehicle data and obtain the analysis results;

根据分析结果,对车辆进行网络安全检测。Based on the analysis results, the vehicle is tested for network security.

In some embodiments, the method further includes:

after receiving the vehicle-mounted data sent by the electronic control component, acquiring the vehicle-mounted data to be analyzed according to preset analysis rules and/or configuration parameters;

analyzing the vehicle-mounted data to obtain the analysis result includes:

analyzing the vehicle-mounted data to be analyzed according to a preset deep learning model to obtain the analysis result;

performing network security detection on the vehicle according to the analysis result includes:

in response to the detected analysis result indicating that a network threat exists, updating the data exchange rules of the data exchange component.

In some embodiments, performing network security detection on the vehicle according to the analysis result includes: in response to the detected analysis result indicating that no network threat exists, storing the vehicle-mounted data received by the data exchange component.

In some embodiments, the method further includes: acquiring the vehicle-mounted data to be analyzed according to the data type of the vehicle-mounted data, wherein the data type includes Transmission Control Protocol (TCP) data and User Datagram Protocol (UDP) data.

In the central gateway controller and data processing method provided by the embodiments of the present disclosure, a data exchange component, a hardware acceleration component and a data processing component are arranged in the switch chip of the central gateway controller. The analysis and security protection of the data of each electronic control component can therefore be completed inside the switch chip, which reduces the computing load of the main control chip and improves the performance of the central gateway controller. At the same time, performing data analysis and processing in the switch chip reduces the data delay caused by transferring large amounts of data between the switch chip and the main control chip, achieves real-time data transmission and processing, improves the response speed of each part of the central gateway controller, and reduces the bandwidth required between the switch chip and the main control chip, so that the main control chip can still process the data of its other functions.

BRIEF DESCRIPTION OF THE DRAWINGS

In order to explain the technical solutions in the embodiments of the present disclosure or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some of the embodiments recorded in the present disclosure; a person of ordinary skill in the art can obtain other drawings from them without creative effort.

FIG. 1 is an architecture diagram of a central gateway controller according to an embodiment of the present disclosure;

FIG. 2 is a flowchart of a data processing method according to an embodiment of the present disclosure;

FIG. 3 is a flowchart of another data processing method according to an embodiment of the present disclosure;

FIG. 4 is a schematic structural diagram of a processor according to an embodiment of the present disclosure;

FIG. 5 is a flowchart of a computer program product according to an embodiment of the present disclosure;

FIG. 6 is a flowchart of a computer-readable storage medium according to an embodiment of the present disclosure;

FIG. 7 is a flowchart of an electronic device according to an embodiment of the present disclosure.

DETAILED DESCRIPTION

Various aspects and features of the present disclosure are described herein with reference to the drawings.

It should be understood that various modifications may be made to the embodiments disclosed herein. Therefore, the above description should not be regarded as limiting, but only as examples of embodiments. Those skilled in the art will think of other modifications within the scope and spirit of the present disclosure.

The accompanying drawings, which are incorporated in and constitute a part of the specification, illustrate embodiments of the present disclosure and, together with the general description of the present disclosure given above and the detailed description of the embodiments given below, serve to explain the principles of the present disclosure.

These and other characteristics of the present disclosure will become apparent from the following description of preferred forms of embodiment, given as non-limiting examples, with reference to the accompanying drawings.

It should also be understood that, although the present disclosure has been described with reference to some specific examples, those skilled in the art can certainly realize many other equivalent forms of the present disclosure, which have the features set out in the claims and therefore all fall within the scope of protection defined thereby.

The above and other aspects, features and advantages of the present disclosure will become more apparent from the following detailed description when taken in conjunction with the accompanying drawings.

Specific embodiments of the present disclosure are described hereinafter with reference to the accompanying drawings; however, it should be understood that the disclosed embodiments are merely examples of the present disclosure, which may be implemented in a variety of ways. Well-known and/or repeated functions and structures are not described in detail, to avoid obscuring the present disclosure with unnecessary or redundant detail. Therefore, the specific structural and functional details disclosed herein are not intended to be limiting, but merely serve as a basis for the claims and as a representative basis for teaching those skilled in the art to use the present disclosure in various ways with substantially any suitable detailed structure.

This specification may use the phrases "in one embodiment," "in another embodiment," "in yet another embodiment," or "in other embodiments," all of which may refer to one or more of the same or different embodiments according to the present disclosure.

FIG. 1 is an architecture diagram of a central gateway controller according to an embodiment of the present disclosure. As shown in FIG. 1, the first embodiment of the present disclosure provides a central gateway controller 10 that includes a switch chip 101. The switch chip 101 has a plurality of data transmission interfaces for connecting to electronic control components of a vehicle, and includes a data exchange component 100, a hardware acceleration component 200 and a data processing component 300. The data exchange component 100 is configured to send and receive the vehicle-mounted data of the vehicle through the data transmission interfaces; the hardware acceleration component 200 is configured to analyze the vehicle-mounted data to obtain an analysis result; the data processing component 300 is configured to perform network security detection on the vehicle according to the analysis result of the hardware acceleration component 200.

Optionally, the central gateway controller 10 is a network device that manages and controls the connection and communication of various network switching devices. It is responsible for functions such as scheduling data traffic and providing network security and monitoring, and is a key component of the network architecture.

The switch chip 101 is an integrated circuit chip of the kind used in network, communication and data center equipment, and is arranged inside the central gateway controller 10. The data transmission interfaces are physical interfaces used to connect different devices. For example, the switch chip 101 is connected to the first electronic control component 103, the second electronic control component 104 and the third electronic control component 105 through different data transmission interfaces, and exchanges data with them. In this embodiment, the switch chip 101 can be connected through its multiple data transmission interfaces to different electronic control components of the same vehicle, or to electronic control components of different vehicles. The electronic control components may include an engine control component, a brake control component, a battery management control component, and so on.

The data exchange component 100 contains internal logic circuits for sending and receiving data according to specific data sending and receiving rules: it transmits vehicle-mounted data from the electronic control components of the vehicle to the central gateway controller 10, or from the central gateway controller 10 to the electronic control components of the vehicle. The hardware acceleration component 200 uses dedicated hardware circuits to process and analyze the vehicle-mounted data, so that network security detection can be performed more efficiently. For example, the hardware acceleration component 200 can detect abnormal data states such as a sudden surge in data traffic, and pass those abnormal data states to the data processing component 300.

The data processing component 300 performs network security detection on the vehicle according to the abnormal data states described above. It can promptly discover potential network security threats carried in the vehicle-mounted data, such as Trojans or vulnerabilities, and so ensure the communication security and information security of the vehicle. For example, it can discover and block unauthorized attempts to remotely access the vehicle control system, preventing an attack that would crash the vehicle control system and leave it unable to control the starting and stopping of the vehicle.

Here, vehicle-mounted data refers to the vehicle-related data obtained through various sensors while the vehicle is driving. It includes the vehicle's speed data, acceleration data, steering angle data, fuel consumption data, emission data and so on, as well as vehicle position data, road condition data, weather data, traffic status data and so on. The switch chip 101 containing the hardware acceleration component 200 and the data processing component 300 can provide network security functions, including security detection, secure access control, traffic filtering and firewalling. It can monitor and filter network traffic in real time, detect and block potential network security threats, and protect the vehicle network from malicious attacks and data leakage.

In some embodiments, the data transmission interface is a PHY Ethernet physical interface, and the vehicle-mounted data is vehicle-mounted Ethernet data. The PHY Ethernet physical interface is a standard interface for transmitting data in a computer network. It sends data from a computer or other device to another computer or device in the network, and transmits the received data back to the sender. The PHY Ethernet physical interface can transmit data in a wired or wireless manner, and is fast, stable and reliable.

Vehicle-mounted Ethernet data includes the vehicle's various sensor data (such as speed data, fuel level data and temperature data), communication data between electronic control components, audio and video data in the vehicle entertainment system, and so on. For example, while the vehicle is driving, the on-board sensors collect various vehicle-mounted Ethernet data, such as speed data, steering angle data and acceleration data. This data is transmitted to the switch chip 101 through the vehicle-mounted Ethernet physical interface. In addition, the in-vehicle entertainment system can receive audio and video data through the PHY Ethernet physical interface, so that passengers can enjoy music, video and other entertainment content in the vehicle. The PHY Ethernet physical interface and vehicle-mounted Ethernet data make the vehicle's data transmission and communication efficient and reliable.

In some embodiments, the central gateway controller 10 further includes a main control chip 102 connected to the switch chip 101.

In this embodiment, the main control chip 102 can implement the functions other than the network security functions described above (network security detection, processing and so on), while the network security detection function is implemented in the switch chip 101. This effectively reduces the data processing pressure on the main control chip 102 and the data bandwidth required between the main control chip 102 and the switch chip 101. The vehicle-mounted data belonging to the other functions can then be transmitted to the main control chip 102 smoothly and completely, which ensures that those functions are implemented effectively and that the entire in-vehicle network can communicate effectively.

In the central gateway controller 10 provided by the embodiments of the present disclosure, the data exchange component 100, the hardware acceleration component 200 and the data processing component 300 are arranged in the switch chip 101. The analysis and security protection of the data of each electronic control component can therefore be completed inside the switch chip 101, which reduces the computing load of the main control chip 102 and improves the performance of the central gateway controller 10. At the same time, performing data analysis and processing in the switch chip 101 reduces the data delay caused by transferring large amounts of data between the switch chip 101 and the main control chip 102, improves the real-time performance of data transmission and processing and the response speed of each part of the central gateway controller 10, and reduces the bandwidth required between the switch chip 101 and the main control chip 102, so that the main control chip 102 can still process the data of its other functions.

In some embodiments, the data exchange component 100 is further configured to send the vehicle-mounted data to be analyzed to the hardware acceleration component 200 according to preset analysis rules and/or configuration parameters.

In this embodiment, the data exchange component 100 can filter the received vehicle-mounted data according to the preset analysis rules and/or configuration parameters to obtain the vehicle-mounted data to be analyzed (the "data to be analyzed" for short), and send the data to be analyzed to the hardware acceleration component 200 for analysis.

Optionally, the data exchange component 100 includes an acquisition component configured to acquire the vehicle-mounted data to be analyzed according to the data type of the vehicle-mounted data, the data types including TCP data and UDP data. In other words, the preset analysis rule described above may be the data type.

TCP is a reliable, connection-oriented protocol that provides reliability and flow control mechanisms for data transmission. TCP data is transmitted as a byte stream, and each TCP packet carries a sequence number, which ensures that the data arrives at its destination in the correct order. UDP is a connectionless protocol that provides a simple way to transmit data. UDP data is transmitted as datagrams; each UDP packet carries source port and destination port information, but there is no acknowledgment mechanism and no retransmission mechanism. UDP is suitable for real-time data transmission, such as audio and video streams.

Specifically, the acquisition component of the data exchange component 100 usually confirms the data type from the header information of the data packet. The data exchange component 100 checks the protocol field of the data packet to determine whether the data type is TCP data or UDP data. For TCP data, the TCP header contains source port and destination port fields, and TCP data can be identified through these fields. Usually, the source port and destination port take values in the range 0-65535, and some known port numbers have been assigned to specific applications. That is, by checking the range of the port numbers against the list of known port numbers, the data type can be confirmed as TCP data. For UDP data, the UDP header likewise contains source port and destination port fields. By checking the value range of these fields against the list of known port numbers, the data type can be confirmed as UDP data.

In this embodiment, when receiving vehicle-mounted data, the data exchange component 100 may accept only the two data types TCP data and UDP data. Working from more precisely selected data makes the subsequent processing by the hardware acceleration component 200 and the data processing component 300 easier, so that network security detection can be performed more accurately and data processing efficiency can be improved.
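The selection by data type described above can be sketched as follows. This is an added example, not code from the patent: it reads the IPv4 protocol field (6 for TCP, 17 for UDP) and the port fields of raw Ethernet frames, and handles the cases a real classifier meets (802.1Q tag, IP options, non-first fragments, truncated frames). The function names, addresses and ports are constructed for illustration.

```python
import struct

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_VLAN = 0x8100               # 802.1Q tag precedes the real EtherType
PROTO_NAMES = {6: "TCP", 17: "UDP"}   # values of the IPv4 protocol field


def classify_frame(frame: bytes):
    """Return ("TCP" | "UDP", src_port, dst_port), or None when the frame is
    not IPv4 TCP/UDP, is a non-first fragment, or is too short to parse."""
    if len(frame) < 14:
        return None
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    ip_off = 14
    if ethertype == ETHERTYPE_VLAN:
        if len(frame) < 18:
            return None
        (ethertype,) = struct.unpack_from("!H", frame, 16)
        ip_off = 18
    if ethertype != ETHERTYPE_IPV4 or len(frame) < ip_off + 20:
        return None
    version = frame[ip_off] >> 4
    ihl = (frame[ip_off] & 0x0F) * 4          # header length in bytes
    if version != 4 or ihl < 20:
        return None
    (flags_frag,) = struct.unpack_from("!H", frame, ip_off + 6)
    if flags_frag & 0x1FFF:                   # non-first fragment: no L4 header
        return None
    name = PROTO_NAMES.get(frame[ip_off + 9])  # the protocol field
    l4_off = ip_off + ihl                      # skips any IP options
    if name is None or len(frame) < l4_off + 4:
        return None
    src_port, dst_port = struct.unpack_from("!HH", frame, l4_off)
    return name, src_port, dst_port


def select_for_analysis(frames):
    """Keep only TCP/UDP frames, as (index, type, src_port, dst_port)."""
    selected = []
    for index, frame in enumerate(frames):
        result = classify_frame(frame)
        if result is not None:
            selected.append((index,) + result)
    return selected


def build_frame(proto, src_port, dst_port, vlan_id=None, ip_options=b"",
                frag_offset=0):
    """Build a minimal constructed test frame (checksums left at zero)."""
    eth = bytes.fromhex("020000000001") + bytes.fromhex("020000000002")
    if vlan_id is not None:
        eth += struct.pack("!HH", ETHERTYPE_VLAN, vlan_id)
    eth += struct.pack("!H", ETHERTYPE_IPV4)
    ihl_words = 5 + len(ip_options) // 4
    l4 = struct.pack("!HH", src_port, dst_port) + bytes(4)
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl_words, 0,
                     ihl_words * 4 + len(l4), 0, frag_offset, 64, proto, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return eth + ip + ip_options + l4


# Constructed sample traffic; ports and addresses carry no real-world meaning.
SAMPLE_FRAMES = [
    build_frame(6, 49152, 5000),                       # plain TCP
    build_frame(17, 40000, 6000, vlan_id=5),           # UDP inside a VLAN tag
    build_frame(6, 40001, 7000, ip_options=bytes(4)),  # TCP, IHL = 6 words
    build_frame(1, 0, 0),                              # ICMP: not selected
    build_frame(17, 1000, 2000, frag_offset=185),      # later fragment
    build_frame(17, 1000, 2000)[:36],                  # truncated L4 header
    bytes(12) + struct.pack("!H", 0x0806) + bytes(28),  # ARP: not IPv4
]

if __name__ == "__main__":
    for row in select_for_analysis(SAMPLE_FRAMES):
        print(row)
```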

In other embodiments, the preset analysis rules may be rules for identifying specific driving states of the vehicle, such as rules for identifying sudden acceleration, sudden deceleration, sharp turns or speeding, so that the data of these special driving states is sent to the hardware acceleration component 200 as the data to be analyzed. The preset analysis rule may also be a data transmission port or the like. For example, after the data exchange component 100 receives vehicle-mounted data from multiple data transmission ports, it can send the data of a preset data transmission port to the hardware acceleration component 200 as the data to be analyzed.

The configuration parameters may be parameters used in obtaining the data to be analyzed, for example the vehicle type or the acquisition time of the vehicle-mounted data.

The preset analysis rules and configuration parameters can be set and adjusted according to the specific vehicle-mounted data analysis requirements, network security detection requirements and so on, so as to better support the analysis of vehicle-mounted data and network security detection.

Preferably, the hardware acceleration component 200 is configured to analyze the vehicle-mounted data to be analyzed according to a preset deep learning model to obtain the analysis result.

Using the preset deep learning model, the hardware acceleration component 200 can analyze the data traffic, data content and so on of the data to be analyzed, and determine whether there is abnormal traffic or abnormal data.

Optionally, the deep learning model may be of various types, for example a convolutional neural network (CNN), a long short-term memory network (LSTM), a generative adversarial network (GAN), and so on.

Preferably, the data processing component 300 is configured to update the data exchange rules of the data exchange component 100 in response to the detected analysis result indicating that a network threat exists.

When the data processing component 300 receives the analysis result from the hardware acceleration component 200, it analyzes the result and detects whether a network threat is present. The network threats include: remote intrusion, in which an attacker can exploit vulnerabilities or weaknesses in the vehicle-mounted data to remotely break into the vehicle's control system, which enables the attacker to manipulate the operation of the vehicle, for example to control braking, acceleration and steering; remote control, in which an attacker can interfere with the operation of the vehicle by remotely controlling its Internet connection, which can cause the vehicle to lose control or to perform operations not controlled by the driver; wireless signal interference, in which an attacker can use wireless signal interference techniques to disrupt the vehicle's communication system (for example the Ethernet transmission system in this embodiment), affecting the vehicle's communication and control functions; malware and viruses, in which the vehicle system can be infected by malware, viruses or malicious code carried in the vehicle-mounted data, leading to abnormal vehicle operation, data leakage and other security problems; data privacy problems, in which a vehicle connected to the Internet can collect a large amount of vehicle-mounted data, including location, driving habits and vehicle status, and an attacker can hijack this data and infringe on the owner's privacy; and lack of updates and vulnerability patching, in which an attacker can exploit known vulnerabilities if the vehicle system is not updated and patched in time. In this embodiment, the data processing component 300 can perform targeted analysis on the abnormal traffic or abnormal data in the analysis result and determine whether that traffic or data carries network threats such as malware or viruses, thereby detecting whether the vehicle is exposed to a network security risk. In a specific implementation, the data processing component 300 can also analyze normal data passed on by the hardware acceleration component 200. For example, after the hardware acceleration component 200 analyzes the vehicle-mounted data to be analyzed and obtains upgrade data for the vehicle control system, the data processing component 300 can determine whether the upgrade data is the latest data and whether it carries malware or viruses, thereby detecting whether the vehicle faces a network threat.

After the data processing component 300 analyzes the analysis result of the hardware acceleration component 200 and determines that a network threat exists, it triggers an update of the data exchange rules of the data exchange component 100. The data exchange component 100 then updates the transmission policy for the corresponding data, strengthens the encryption and authentication mechanisms for the data, or restricts data exchange with specific sources, and so on, to improve the security of vehicle-mounted data transmission and of vehicle communication.

As an example, the data processing component 300 detects abnormal network activity in the data packets sent by the first electronic control component 103 (for example, in the analysis result produced when the hardware acceleration component 200 performs deep learning analysis on the vehicle-mounted data sent by the first electronic control component 103), such as a large number of unknown network connections and frequent port scanning. Based on these abnormal features, the data processing component 300 determines that a network threat exists and immediately triggers an update of the data exchange rules of the data exchange component 100.

The updated data exchange rules may include limiting the frequency of data exchange with the first electronic control component 103, adding an encryption mechanism to data transmission to prevent information leakage, and so on. In this way, network threats can be detected and the data exchange rules updated promptly through the switch chip 101. The switch chip 101 can guard against and respond to network threats in a timely and effective manner, thereby protecting the security of the vehicle's communication data.
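The detect-then-update loop of the example above can be sketched as follows. This is an added example, not the patent's implementation: a sliding-window count of distinct destination ports stands in for the deep learning model, and `ExchangeRules`, `ScanDetector`, the component labels, thresholds and rates are all hypothetical names and constructed values.

```python
from collections import defaultdict, deque

DEFAULT_RATE = 1000     # frames/s allowed per source (constructed value)
RESTRICTED_RATE = 10    # frames/s once a source is flagged (constructed value)


class ExchangeRules:
    """Hypothetical stand-in for the rule table of data exchange component 100."""

    def __init__(self):
        self.rate_limit = {}

    def allowed_rate(self, source):
        return self.rate_limit.get(source, DEFAULT_RATE)

    def restrict(self, source):
        # The "limit the data exchange frequency" rule update from the text.
        self.rate_limit[source] = RESTRICTED_RATE


class ScanDetector:
    """Flags a source that contacts too many distinct destination ports
    within a sliding time window (a heuristic, not the patent's model)."""

    def __init__(self, rules, window_ms=1000, max_distinct_ports=20):
        self.rules = rules
        self.window_ms = window_ms
        self.max_distinct_ports = max_distinct_ports
        self.recent = defaultdict(deque)   # source -> deque of (ts_ms, port)

    def observe(self, ts_ms, source, dst_port):
        events = self.recent[source]
        events.append((ts_ms, dst_port))
        # Drop events that have fallen out of the window.
        while ts_ms - events[0][0] > self.window_ms:
            events.popleft()
        distinct = len({port for _, port in events})
        if distinct > self.max_distinct_ports:
            self.rules.restrict(source)    # threat found: update the rules
            return True
        return False


def constructed_records():
    """Constructed flow records: (timestamp in ms, source, destination port)."""
    records = []
    # ecu103: 40 different ports in 400 ms, the port-scan pattern in the text.
    records += [(i * 10, "ecu103", 1000 + i) for i in range(40)]
    # ecu104: heavy but ordinary traffic to a single port.
    records += [(i * 5, "ecu104", 5000) for i in range(200)]
    # ecu105: cycles through five service ports, as a normal component might.
    records += [(i * 20, "ecu105", 2000 + i % 5) for i in range(100)]
    return sorted(records)


def run(records):
    """Feed the records through the detector; return ({source: first flag
    time in ms}, rules) so the effect on the rule table can be inspected."""
    rules = ExchangeRules()
    detector = ScanDetector(rules)
    flagged = {}
    for ts_ms, source, dst_port in records:
        if detector.observe(ts_ms, source, dst_port) and source not in flagged:
            flagged[source] = ts_ms
    return flagged, rules


if __name__ == "__main__":
    flagged, rules = run(constructed_records())
    print(flagged)
    for src in ("ecu103", "ecu104", "ecu105"):
        print(src, rules.allowed_rate(src))
```

The window length and port threshold decide both the detection delay and the false-positive rate, so they need tuning against the normal traffic of each connected component.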

In some embodiments, the central gateway controller 10 further includes a memory configured to store the vehicle-mounted data received by the data exchange component 100 in response to the detected analysis result indicating that no network threat exists.

Specifically, the memory stores the vehicle-mounted data received by the data exchange component 100 when no network risk or security hazard has been found. This can serve as a backup mechanism that saves the vehicle-mounted data during normal operation for later use.

For example, when the vehicle passes a traffic light, the second electronic control component 104 transmits the collected vehicle-mounted data to the switch chip 101. Under normal circumstances, that is, when there is no network attack or risk, the memory of the central gateway controller 10 stores this vehicle-mounted data for subsequent processing and analysis. The data can be used for traffic flow monitoring, road condition optimization, intelligent traffic management and similar purposes.

In some embodiments, the main control chip 102 and the switch chip 101 are connected via a PCIe interface or an RGMII interface.

The PCIe interface is a high-speed serial interface with very high bandwidth and low latency. It can support multiple lanes and high-speed data transmission, allowing the connected devices to transfer large amounts of data quickly. The RGMII interface is a parallel interface for transmitting data. It uses 4-bit or 8-bit data lines for transmission and is synchronized to a clock signal. The RGMII interface generally supports Gigabit Ethernet (GbE) data rates. Both connection methods provide high-speed, reliable data transmission, allowing the central gateway controller 10 to effectively control and manage the various devices connected to the switch chip 101.

For example, when the main control chip 102 is connected to the switch chip 101 through a PCIe interface, the main control chip 102 can exchange data and communicate with the switch chip 101 quickly. The central gateway controller 10 can monitor and control, through the PCIe interface, the status and traffic of each device connected to the switch chip 101. For example, it can monitor the data transmission speed between electronic control components and adjust the network bandwidth accordingly, to ensure the operating efficiency of the data center.

In addition, the central gateway controller 10 can be connected to other external devices, such as storage devices or firewalls, through the PCIe interface or the RGMII interface. Through these interfaces, the main control chip 102 can exchange data and communicate with these devices quickly, achieving comprehensive management and control of the entire network.

In some embodiments, the data transmission interface further includes at least one of a CAN interface, a LIN interface, a CANFD interface, a FlexRay interface, and an Ethernet interface.

In this embodiment, in addition to transmitting Ethernet data over the Ethernet interface, other data can be transmitted through other types of transmission interfaces to facilitate the transmission of different vehicle-mounted data, which the switch chip 101 then processes.

The CAN interface is a highly reliable, real-time serial bus communication standard used for multi-node communication in vehicles. It is used to transmit vehicle control information, such as vehicle speed and brake status, and enables real-time data transmission and communication between multiple nodes. The LIN interface is a low-cost, low-rate serial bus communication standard, mainly used for low-rate data transmission in vehicle electronic systems. It is usually used to connect in-vehicle electronic modules, for functions such as door and window control and seat adjustment. The CANFD interface is an extended version of the CAN interface that supports higher data transmission rates and larger data payloads. It provides higher data transmission capacity and is suitable for applications that require high-speed data transmission, such as Advanced Driver Assistance Systems (ADAS) and vehicle intelligence. The FlexRay interface is a high-speed, redundant, real-time serial bus communication standard used for real-time data transmission and communication in vehicle electronic systems. It can be used to control vehicle safety systems and advanced driver assistance systems, such as the Anti-lock Braking System (ABS) and Electronic Stability Control (ESC). A local area network transmission protocol interface (for example, an Ethernet interface) is also used as a data transmission interface. The Ethernet interface is widely used in in-vehicle entertainment systems, In-Vehicle Infotainment (IVI) systems, and in-vehicle communication systems, and supports high-speed data transmission and applications with strict real-time requirements. These data transmission interfaces each have their own applications in different systems, meeting the different data transmission and communication needs of the vehicle.

FIG. 2 is a flowchart of a data processing method according to an embodiment of the present disclosure. The data processing method is applied to the switch chip 101 of the central gateway controller 10. The switch chip 101 has a plurality of data transmission interfaces for connecting to the electronic control components of the vehicle. As shown in FIG. 2, the data processing method includes the following steps:

S101: Receive vehicle-mounted data sent by the electronic control components through the data transmission interface.

Vehicle-mounted data refers to vehicle-related data obtained through various sensors while the vehicle is driving. It includes the vehicle's speed data, acceleration data, steering angle data, fuel consumption data, emission data, and so on, as well as vehicle location data, road condition data, weather data, traffic status data, and so on.

Specifically, a vehicle network contains multiple electronic control components, such as an engine control component, a brake control component, and a battery management control component. The multiple electronic control components can be different electronic control components of the same vehicle or different electronic control components of different vehicles. The data exchange component 100 of the switch chip 101 in the central gateway controller 10 can communicate with these electronic control components through multiple data transmission interfaces. For example, the switch chip 101 receives the speed data of the engine control component through the data transmission interface. The data exchange component 100 includes an internal logic circuit for sending and receiving data according to specific data sending and receiving rules, transmitting vehicle-mounted data from the vehicle's electronic control components to the central gateway controller 10, or from the central gateway controller 10 to the vehicle's electronic control components.

S102: Analyze the vehicle-mounted data to obtain an analysis result.

Specifically, after the data processing component 300 of the switch chip 101 receives the vehicle-mounted data sent by the electronic control components through the data transmission interface, the hardware acceleration component 200 of the switch chip 101 can quickly analyze the vehicle-mounted data, for example, to detect abnormal data states such as a sudden increase in data traffic.

S103: Perform network security detection on the vehicle according to the analysis result.

Specifically, the data processing component 300 of the switch chip 101 can perform network security detection based on the analysis result of the hardware acceleration component 200 to determine whether network threats such as malware or network viruses exist, promptly discovering potential network security threats such as Trojans or vulnerabilities carried in the vehicle-mounted data and ensuring vehicle communication security and information security.

With the data processing method provided by the embodiments of the present disclosure, the switch chip 101 of the central gateway controller 10 receives the vehicle-mounted data sent by the electronic control components through the data transmission interface, analyzes the vehicle-mounted data to obtain an analysis result, and performs network security detection on the vehicle according to the analysis result. The analysis and security protection of the data of each electronic control component can thus be completed inside the switch chip 101, reducing the computing load of the main control chip 102 and improving the performance of the central gateway controller 10. At the same time, performing data analysis and processing in the switch chip 101 reduces the data delay caused by transmitting large amounts of data between the switch chip 101 and the main control chip 102, achieves real-time data transmission and processing, improves the response speed of each component of the central gateway controller 10, and reduces the bandwidth requirement between the switch chip 101 and the main control chip 102, ensuring that the main control chip 102 can process other functional data.

In some embodiments, after the vehicle-mounted data sent by the electronic control components is received through the data transmission interface in step S101, the method further includes:

Obtaining the vehicle-mounted data to be analyzed according to preset analysis rules and/or configuration parameters.

The data exchange component 100 can filter the received vehicle-mounted data according to the preset analysis rules and/or configuration parameters to obtain the vehicle-mounted data to be analyzed (hereinafter, the data to be analyzed), and send the data to be analyzed to the hardware acceleration component 200 for analysis.

Optionally, the data exchange component 100 includes an acquisition component configured to obtain the vehicle-mounted data to be analyzed according to the data type of the vehicle-mounted data, where the data types include TCP data and UDP data. That is, the preset analysis rule can be the data type.

When receiving vehicle-mounted data, the data exchange component 100 may receive only TCP data and UDP data, so that the hardware acceleration component 200 and the data processing component 300 can subsequently process more accurate data, which makes network security detection more accurate and improves data processing efficiency.

In other embodiments, the preset analysis rules may be rules for identifying specific driving states of the vehicle, such as rules for identifying sudden acceleration, sudden deceleration, sharp turns, and speeding, so that the data of these special driving states is sent to the hardware acceleration component 200 as the data to be analyzed. The preset analysis rules may also be data transmission ports and the like. For example, after the data exchange component 100 receives vehicle-mounted data from multiple data transmission ports, it can send the data from preset data transmission ports to the hardware acceleration component 200 as the data to be analyzed.

The configuration parameters may be parameters for obtaining the data to be analyzed, such as the vehicle type and the acquisition time of the vehicle-mounted data.

The preset analysis rules and configuration parameters can be set and adjusted according to specific vehicle data analysis needs and network security detection needs, so as to better realize vehicle data analysis and network security detection.

In some embodiments, analyzing the vehicle-mounted data to obtain an analysis result in step S102 includes:

Analyzing the vehicle-mounted data to be analyzed according to a preset deep learning model to obtain the analysis result.

The hardware acceleration component 200 can analyze the data traffic, data content, and so on of the data to be analyzed according to the preset deep learning model, and determine whether there is abnormal traffic or abnormal data. The deep learning model can be of various types, such as convolutional neural networks, long short-term memory networks, and generative adversarial networks.

In some embodiments, performing network security detection on the vehicle according to the analysis result in step S103 includes:

In response to the detected analysis result indicating the existence of a network threat, updating the data exchange rules of the data exchange component 100.

After receiving the analysis result from the hardware acceleration component 200, the data processing component 300 can conduct targeted analysis of the abnormal traffic or abnormal data in the analysis result to determine whether it carries network threats such as malware or viruses, thereby detecting whether the vehicle has network security risks. In a specific implementation, the data processing component 300 can also analyze normal data transmitted by the hardware acceleration component 200. For example, after the hardware acceleration component 200 analyzes the vehicle-mounted data to be analyzed and obtains upgrade data for the vehicle control system, the data processing component 300 can determine whether the upgrade data is the latest data and whether it carries malware or viruses, thereby detecting whether the vehicle faces a network threat.

When the data processing component 300 analyzes the analysis result of the hardware acceleration component 200 and determines that a network threat exists, it triggers an update of the data exchange rules of the data exchange component 100. The data exchange component 100 then updates the transmission policy for the corresponding data, strengthens the encryption and authentication mechanisms for the data, or restricts data exchange from specific sources, to improve the security of vehicle-mounted data transmission and vehicle communication.

As an example, the data processing component 300 detects abnormal network activity in a data packet sent by the first electronic control component 103 (for example, in the analysis result produced by the hardware acceleration component 200 after deep learning analysis of the vehicle-mounted data sent by the first electronic control component 103), such as a large number of unknown network connections and frequent port scanning behavior. Based on these abnormal features, the data processing component 300 determines that a network threat exists and immediately triggers the operation of updating the data exchange rules of the data exchange component 100.

The updated data exchange rules may include limiting the frequency of data exchange with the first electronic control component 103 and adding an encryption mechanism for data transmission to prevent information leakage. In this way, network threats can be detected and data exchange rules updated in a timely manner through the switch chip 101. The switch chip 101 can prevent and respond to network threats promptly and effectively, protecting the security of the vehicle's communication data.

The data processing method is described in detail below using a specific application scenario as an example. FIG. 3 is a flowchart of another data processing method according to an embodiment of the present disclosure. As shown in FIG. 3, the specific steps of the data processing method include:

S201: Start;

S202: The data exchange component 100 receives vehicle-mounted data from different data transmission ports;

S203: The data exchange component 100 forwards the vehicle-mounted data of the specified protocol to the hardware acceleration component 200 according to the configuration parameters;

S204: The hardware acceleration component 200 performs deep learning analysis on the vehicle-mounted data of the specified protocol;

S205: The hardware acceleration component 200 sends the analysis result of the deep learning model to the data processing component 300;

S206: Determine whether a network risk/threat is detected;

In this embodiment, it is determined whether a network risk or network threat has been detected. If not, step S202 (storing vehicle data) is executed; if so, step S207 is executed;

S207: The data processing component 300 updates the data exchange rules;

S208: End.
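The FIG. 3 loop (S202 to S207) sketched in Python as an added example, not code from the patent: a per-second frame-count and distinct-port heuristic stands in for the deep learning model. All names (`Frame`, `ExchangeRules`, `exchange`, `analyze`, `process`), the thresholds and the sample traffic are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from statistics import mean


@dataclass(frozen=True)
class Frame:
    t: float        # receive time in seconds
    port: str       # data transmission port of the switch chip
    src: str        # sending electronic control component
    proto: str      # "TCP", "UDP", "ICMP", ...
    dst_port: int   # transport-layer destination port (0 if none)


@dataclass
class ExchangeRules:
    analyzed_protocols: frozenset = frozenset({"TCP", "UDP"})
    rate_limit: dict = field(default_factory=dict)  # src -> max frames per second


def exchange(frames, rules):
    """S202/S203: enforce the current rules, then select frames for analysis."""
    seen = defaultdict(int)
    passed, selected = [], []
    for f in frames:
        window = (f.src, int(f.t))
        seen[window] += 1
        limit = rules.rate_limit.get(f.src)
        if limit is not None and seen[window] > limit:
            continue                    # dropped by an updated exchange rule
        passed.append(f)
        if f.proto in rules.analyzed_protocols:
            selected.append(f)
    return passed, selected


def analyze(frames, surge_factor=5.0, scan_ports=20):
    """S204/S205: per-source, per-second statistics (heuristic stand-in)."""
    count = defaultdict(lambda: defaultdict(int))
    ports = defaultdict(lambda: defaultdict(set))
    for f in frames:
        count[f.src][int(f.t)] += 1
        ports[f.src][int(f.t)].add(f.dst_port)
    findings = []
    for src, per_window in count.items():
        history = []                    # frame counts of earlier normal windows
        for w in sorted(per_window):
            n = per_window[w]
            if len(history) >= 2 and n > surge_factor * mean(history):
                findings.append((src, w, "traffic_surge"))
            else:
                history.append(n)       # only normal windows feed the baseline
            if len(ports[src][w]) >= scan_ports:
                findings.append((src, w, "port_scan"))
    return findings


def process(findings, passed, rules, store, limit=10):
    """S206/S207: on a threat tighten the rules, otherwise store the data."""
    if not findings:
        store.extend(passed)
        return False
    for src, _, _ in findings:
        rules.rate_limit[src] = limit   # limit exchange frequency with src
    return True


def build_sample():
    """Constructed traffic: steady engine ECU, IVI unit that bursts in second 2."""
    frames = [Frame(0.5, "eth3", "ecu_diag", "ICMP", 0)]
    for sec in range(4):
        frames += [Frame(sec + i / 10, "eth1", "ecu_engine", "UDP", 30490)
                   for i in range(5)]
        if sec == 2:                    # burst touching 60 distinct ports
            frames += [Frame(sec + i / 100, "eth2", "ecu_ivi", "TCP", 1000 + i)
                       for i in range(60)]
        else:
            frames += [Frame(sec + i / 10, "eth2", "ecu_ivi", "TCP", 443)
                       for i in range(5)]
    return frames


def run_demo():
    rules, store, frames = ExchangeRules(), [], build_sample()
    passed, selected = exchange(frames, rules)      # round 1: default rules
    findings = analyze(selected)
    process(findings, passed, rules, store)
    passed2, selected2 = exchange(frames, rules)    # round 2: updated rules
    findings2 = analyze(selected2)
    process(findings2, passed2, rules, store)
    return {"findings": findings, "analyzed_round1": len(selected),
            "rate_limit": dict(rules.rate_limit),
            "findings_round2": findings2, "stored": len(store)}


if __name__ == "__main__":
    print(run_demo())
```

Replaying the same traffic after the rule update shows the effect of S207: the burst from the flagged source is capped at the configured rate, nothing is flagged, and the data is stored.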

It should be noted that the central gateway controller 10 provided in the embodiments of the present disclosure corresponds to the data processing method in the above embodiments. Based on the central gateway controller 10 described above, those skilled in the art can understand the specific implementation of the data processing method in the embodiments of the present disclosure and its variations. Any option in the central gateway controller 10 embodiments also applies to the data processing method and is not repeated here.

An embodiment of the present disclosure further provides a processor. FIG. 4 is a schematic structural diagram of a processor according to an embodiment of the present disclosure. As shown in FIG. 4, the processor 4000 is configured to run a program, wherein the program, when run by the processor, executes the method in the above embodiments.

In the embodiments of the present disclosure, the processor 4000 may execute the program that runs the method in the above embodiments.

Optionally, the processor 4000 can be configured to perform the following steps: receiving vehicle-mounted data sent by the electronic control components through a data transmission interface; analyzing the vehicle-mounted data to obtain an analysis result; and performing network security detection on the vehicle according to the analysis result.

Optionally, the processor 4000 can be configured to perform the following steps: after receiving the vehicle-mounted data sent by the electronic control components, the method further includes: obtaining the vehicle-mounted data to be analyzed according to preset analysis rules and/or configuration parameters; analyzing the vehicle-mounted data to obtain an analysis result includes: analyzing the vehicle-mounted data to be analyzed according to a preset deep learning model to obtain the analysis result; performing network security detection on the vehicle according to the analysis result includes: in response to the detected analysis result indicating the existence of a network threat, updating the data exchange rules of the data exchange component.

Optionally, the processor 4000 can also be configured to perform the following steps: performing network security detection on the vehicle according to the analysis result includes: in response to the detected analysis result indicating that no network threat exists, storing the vehicle-mounted data received by the data exchange component.

Optionally, the processor 4000 can also be configured to perform the following steps: obtaining the vehicle-mounted data to be analyzed according to the data type of the vehicle-mounted data, wherein the data types include Transmission Control Protocol (TCP) data and User Datagram Protocol (UDP) data.

FIG. 5 is a flowchart of a computer program product according to an embodiment of the present disclosure. As shown in FIG. 5, an embodiment of the present disclosure further provides a computer program product. The computer program product 5000 includes a non-volatile computer-readable storage medium that stores a computer program. When the computer program is executed by a processor, the method provided in the embodiments of the present disclosure is implemented.

An embodiment of the present disclosure further provides a computer program which, when executed by a processor, implements the method provided in the embodiments of the present disclosure.

Optionally, when executed by a processor, the computer program implements program code for the following steps: receiving vehicle-mounted data sent by the electronic control components through a data transmission interface; analyzing the vehicle-mounted data to obtain an analysis result; and performing network security detection on the vehicle according to the analysis result.

Optionally, when executed by a processor, the computer program implements program code for the following steps: after receiving the vehicle-mounted data sent by the electronic control components, the method further includes: obtaining the vehicle-mounted data to be analyzed according to preset analysis rules and/or configuration parameters; analyzing the vehicle-mounted data to obtain an analysis result includes: analyzing the vehicle-mounted data to be analyzed according to a preset deep learning model to obtain the analysis result; performing network security detection on the vehicle according to the analysis result includes: in response to the detected analysis result indicating the existence of a network threat, updating the data exchange rules of the data exchange component.

Optionally, when executed by a processor, the computer program implements program code for the following steps: performing network security detection on the vehicle according to the analysis result includes: in response to the detected analysis result indicating that no network threat exists, storing the vehicle-mounted data received by the data exchange component.

Optionally, when executed by a processor, the computer program implements program code for the following steps: obtaining the vehicle-mounted data to be analyzed according to the data type of the vehicle-mounted data, wherein the data types include Transmission Control Protocol (TCP) data and User Datagram Protocol (UDP) data.

FIG. 6 is a flowchart of a computer-readable storage medium according to an embodiment of the present disclosure. As shown in FIG. 6, an embodiment of the present disclosure further provides a computer-readable storage medium. The computer-readable medium 6000 stores a computer program, and the steps of the above method are implemented when the computer program is executed by a processor.

The computer-readable storage medium of the embodiments of the present disclosure may be any combination of one or more computer-readable media. The computer-readable medium may be a computer-readable signal medium or a computer-readable storage medium. The computer-readable storage medium may be, for example, but is not limited to, an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination thereof. In the embodiments of the present disclosure, the computer-readable storage medium may be any tangible medium that contains or stores a program, which may be used by or in conjunction with an instruction execution system, apparatus, or device; for example, it may be the memory described above.

FIG. 7 is a flowchart of an electronic device according to an embodiment of the present disclosure. As shown in FIG. 7, an embodiment of the present disclosure further provides an electronic device. The electronic device 7000 includes at least a memory and a processor. A computer program is stored in the memory, and the processor implements the steps of the above method when executing the computer program in the memory.

In some embodiments, the processor that executes the computer program may be a processing device including one or more general-purpose processing devices, such as a microprocessor. More specifically, the processor may be a complex instruction set computing (CISC) microprocessor, a reduced instruction set computing (RISC) microprocessor, a very long instruction word (VLIW) microprocessor, a processor that runs other instruction sets, or a processor that runs a combination of instruction sets. The processor may also be one or more special-purpose processing devices, such as an application-specific integrated circuit (ASIC), a field programmable gate array (FPGA), a digital signal processor (DSP), or a system on a chip (SoC).

The memory may be a read-only memory (ROM), a random access memory (RAM), a phase-change random access memory (PRAM), a static random access memory (SRAM), a dynamic random access memory (DRAM), an electrically erasable programmable read-only memory (EEPROM), other types of random access memory (RAM), a flash disk or other form of flash memory, a cache, a register, a static memory, a compact disc read-only memory (CD-ROM), a digital versatile disc (DVD) or other optical storage, a cassette tape or other magnetic storage device, or any other possible non-transitory medium used to store information or instructions that can be accessed by a computer device.

In this embodiment, the electronic device is preferably the central gateway controller 10 including the switch chip 101 described above, the processor includes the data exchange component 100, the hardware acceleration component 200, and the data processing component 300, and the memory is the memory of the switch chip 101.

Those skilled in the art will appreciate that the electronic device may include more or fewer components, for example, it may further include a communication interface, or may combine certain components, or arrange the components differently.

The electronic devices of the embodiments of the present disclosure may include, but are not limited to, fixed terminal devices capable of email transmission, such as servers, desktop computers, and digital TVs, and mobile terminal devices capable of email transmission, such as vehicle-mounted devices (for example, vehicle-mounted multimedia devices), handheld devices (for example, mobile phones and tablet computers), and wearable devices (for example, smart watches and smart bracelets).

It should be noted that the storage medium described above in the present disclosure may be a computer-readable signal medium, a computer-readable storage medium, or any combination of the two. The computer-readable storage medium may be, for example, but is not limited to, an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the above. More specific examples of computer-readable storage media may include, but are not limited to: an electrical connection with one or more wires, a portable computer disk, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above.

The above description is only of the preferred embodiments of the present disclosure and an explanation of the technical principles used. Those skilled in the art should understand that the scope of disclosure involved in the present disclosure is not limited to technical solutions formed by the specific combination of the above technical features, and should also cover other technical solutions formed by any combination of the above technical features or their equivalents without departing from the above disclosed concept, for example, technical solutions formed by replacing the above features with technical features having similar functions disclosed in (but not limited to) the present disclosure.

In addition, although the operations are depicted in a specific order, this should not be understood as requiring that these operations be performed in the specific order shown or in sequential order. Under certain circumstances, multitasking and parallel processing may be advantageous. Similarly, although several specific implementation details are included in the above discussion, these should not be interpreted as limiting the scope of the present disclosure. Certain features described in the context of separate embodiments can also be implemented in combination in a single embodiment. Conversely, various features described in the context of a single embodiment can also be implemented in multiple embodiments individually or in any suitable sub-combination.

Industrial Applicability

The solution provided by the embodiments of the present disclosure may be a central gateway controller including a switch chip. The switch chip has multiple data transmission interfaces for connecting to the electronic control components of a vehicle, and includes a data exchange component, a hardware acceleration component and a data processing component. The data exchange component is configured to send and receive vehicle-mounted data of the vehicle through the data transmission interfaces; the hardware acceleration component is configured to analyze the vehicle-mounted data to obtain an analysis result; and the data processing component is configured to perform network security detection on the vehicle according to the analysis result of the hardware acceleration component. This solves the technical problem that the switch chip transmitting a large amount of data to the main control chip increases the load on the main control chip and causes delay and bandwidth waste, and achieves the technical effect that transmission of a large amount of data from the switch chip to the main control chip, which increases the load on the main control chip, does not cause delay and bandwidth waste.

Claims (15)

1. A central gateway controller, comprising a switch chip, the switch chip having multiple data transmission interfaces for connecting to electronic control components of a vehicle, the switch chip comprising a data exchange component, a hardware acceleration component and a data processing component, wherein the data exchange component is configured to send and receive vehicle-mounted data of the vehicle through the data transmission interfaces; the hardware acceleration component is configured to analyze the vehicle-mounted data to obtain an analysis result; and the data processing component is configured to perform network security detection on the vehicle according to the analysis result of the hardware acceleration component.

2. The central gateway controller according to claim 1, wherein the data exchange component is further configured to send the vehicle-mounted data to be analyzed to the hardware acceleration component according to preset analysis rules and/or configuration parameters;
the hardware acceleration component is configured to analyze the vehicle-mounted data to be analyzed according to a preset deep learning model to obtain the analysis result;
the data processing component is configured to update the data exchange rules of the data exchange component in response to detecting that the analysis result indicates the presence of a network threat.

3. The central gateway controller according to claim 2, wherein the data exchange component comprises an acquisition component configured to acquire the vehicle-mounted data to be analyzed according to a data type of the vehicle-mounted data, the data type including Transmission Control Protocol (TCP) data and User Datagram Protocol (UDP) data.

4. The central gateway controller according to claim 1, further comprising a memory, wherein the memory is configured to store the vehicle-mounted data received by the data exchange component in response to detecting that the analysis result indicates that no network threat exists.

5. The central gateway controller according to claim 1, wherein the central gateway controller further comprises a main control chip connected to the switch chip, and the main control chip and the switch chip are connected through a high-speed serial PCIe interface or a gigabit media-independent RGMII interface.

6. The central gateway controller according to claim 1, wherein the data transmission interface is a physical layer (PHY) Ethernet physical interface, and the vehicle-mounted data is in-vehicle Ethernet data.

7. The central gateway controller according to claim 1, wherein the data transmission interface further comprises at least one of a controller area network (CAN) interface, a local interconnect network (LIN) interface, a CAN FD interface (another type of CAN interface), a FlexRay (real-time communication protocol) interface, and an Ethernet (local area network transmission protocol) interface.

8. A data processing method, applied to a switch chip of a central gateway controller, the switch chip having multiple data transmission interfaces for connecting to electronic control components of a vehicle, the method comprising:
receiving, through the data transmission interface, vehicle-mounted data sent by the electronic control component;
analyzing the vehicle-mounted data to obtain an analysis result;
performing network security detection on the vehicle according to the analysis result.

9. The data processing method according to claim 8, wherein, after receiving the vehicle-mounted data sent by the electronic control component, the method further comprises: acquiring the vehicle-mounted data to be analyzed according to preset analysis rules and/or configuration parameters;
analyzing the vehicle-mounted data to obtain an analysis result comprises:
analyzing the vehicle-mounted data to be analyzed according to a preset deep learning model to obtain the analysis result;
performing network security detection on the vehicle according to the analysis result comprises:
in response to detecting that the analysis result indicates the presence of a network threat, updating the data exchange rules of the data exchange component.

10. The data processing method according to claim 8, wherein performing network security detection on the vehicle according to the analysis result comprises:
in response to detecting that the analysis result indicates that no network threat exists, storing the vehicle-mounted data received by the data exchange component.

11. The data processing method according to claim 9, further comprising:
acquiring the vehicle-mounted data to be analyzed according to a data type of the vehicle-mounted data, wherein the data type includes Transmission Control Protocol (TCP) data and User Datagram Protocol (UDP) data.

12. A computer program product, comprising a non-volatile computer-readable storage medium, wherein the non-volatile computer-readable storage medium stores a computer program, and the computer program, when executed by a processor, implements the method according to any one of claims 8 to 11.

13. A computer program, wherein the computer program, when executed by a processor, implements the method according to any one of claims 8 to 11.

14. A computer-readable storage medium having a computer program stored thereon, wherein the program, when executed by a processor, implements the steps of the method according to any one of claims 8 to 11.

15. An electronic device, comprising:
one or more processors; and
a memory associated with the one or more processors, the memory being used to store program instructions, wherein the program instructions, when read and executed by the one or more processors, execute the steps of the method according to any one of claims 8 to 11.
PCT/CN2024/106023 2023-09-19 2024-07-17 Central gateway controller and data processing method Pending WO2025060637A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202311212169.9 2023-09-19
CN202311212169.9A CN117176770A (en) 2023-09-19 2023-09-19 Central gateway controller and data processing method

Publications (1)

Publication Number Publication Date
WO2025060637A1 true WO2025060637A1 (en) 2025-03-27

Family

ID=88944904

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2024/106023 Pending WO2025060637A1 (en) 2023-09-19 2024-07-17 Central gateway controller and data processing method

Country Status (2)

Country Link
CN (1) CN117176770A (en)
WO (1) WO2025060637A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117176770A (en) * 2023-09-19 2023-12-05 中国第一汽车股份有限公司 Central gateway controller and data processing method
CN118075315A (en) * 2024-04-22 2024-05-24 南京仁芯科技有限公司 Vehicle-mounted SerDes chip, vehicle-mounted data transmission system including same, and vehicle

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190319883A1 (en) * 2016-12-29 2019-10-17 Huawei Technologies Co., Ltd. Bum Traffic Control Method, Related Apparatus, and System
CN110391975A (en) * 2018-04-20 2019-10-29 比亚迪股份有限公司 Information exchange system and vehicle based on in-vehicle Ethernet
US20210001880A1 (en) * 2018-12-28 2021-01-07 Baidu Online Network Technology (Beijing) Co., Ltd. Vehicle-mounted control unit, and method and apparatus for fpga based automatic driving of vehicle
CN109391566A (en) * 2019-01-08 2019-02-26 广州众志诚信息科技有限公司 ETBN backbone switches core board, control method and device
CN209072531U (en) * 2019-01-08 2019-07-05 清远众志诚科技有限公司 TRDP protocol switch
CN113448299A (en) * 2020-03-25 2021-09-28 北京新能源汽车股份有限公司 Vehicle gateway controller, information processing method and vehicle
CN117176770A (en) * 2023-09-19 2023-12-05 中国第一汽车股份有限公司 Central gateway controller and data processing method

Also Published As

Publication number Publication date
CN117176770A (en) 2023-12-05

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 24867055

Country of ref document: EP

Kind code of ref document: A1