-
1.发明公开
公开(公告)号:EP4145765A1
公开(公告)日:2023-03-08
申请号:EP22191648.9
申请日:2022-08-23
发明人: ROSADINI, Christian , CHIARELLI, Simona , NESCI, Walter , SAPONARA, Sergio , GAGLIARDI, Alessio , DINI, Pierpaolo
摘要: Described herein is a method for protection from cyber attacks in a communication network, in particular a CAN (Controller Area Network), of a vehicle, the network comprising:
a communication bus (10), in particular a CAN-bus, and
a plurality of nodes (11) associated to said communication bus (10) in a signal-exchange relationship and associated at least in part to control units for controlling functions of the vehicle,
said nodes (11) exchanging messages (M) passing between nodes of said plurality of nodes (11), and
said messages (M) being identified by respective message identifiers (ID),
said method comprising, at a control node (20) associated to said communication bus (10):
selecting, from among the messages (M) exchanged between the nodes, periodic messages having a transmission periodicity,
grouping (200) said periodic messages into respective groups according to the respective period (T i ), and
performing a procedure (300) of analysis of messages of the nodes (11) that exchange said received periodic messages, which comprises, for each group of transmission periodicity:
obtaining times of arrival (ai) at the respective nodes (11) of a set of periodic messages that have the same message identifier (ID),
computing (312) as a function of said arrival times (ai) average-offset values (O avg ) over successive subsets, of a given number (N) of messages, of said set of received messages,
accumulating (314) said average-offset values (O avg ) for each identifier (ID) with respect to each successive subset to obtain accumulated-offset values (O acc [k]) for each successive subset and a respective identifier (ID),
identifying (316) linear parameters (e[k], S[k]) by computing a regression over said accumulated-offset values (O acc [k]) for each successive subset and respective identifier (ID), said computation comprising computing an angular coefficient, or slope, of the regression, and an intercept, or identification error,
computing (318), on the basis of average-offset values (O avg ) obtained at the step of computing (312) as a function of said arrival times (a i ) average-offset values (O avg ) over successive subsets, a correlation coefficient (p) of the average offset (O avg ) of pairs of messages identified as coming from one and the same node,
performing a first check (350) to check whether the correlation coefficient (p) is higher than a first given threshold,
performing a second check (330) to check whether the angular coefficient (S[k]) between two consecutive messages with the same identifier is higher than a second given threshold,
performing a third check (340) to check whether the intercept (e[k]) between two consecutive messages is higher than a third given threshold, and
supplying the results of said first check (350), said second check (330), and said third check (340) to a message-classification operation (360), configured to supply (RC) a confirmation of classification of the messages according to the transmitting node (11) and message identifier (ID) or an indication of classification error as a function of said results.-
2.发明授权
公开(公告)号:EP3498559B1
公开(公告)日:2020-09-16
申请号:EP18210037.0
申请日:2018-12-04
-
公开(公告)号:EP3821427A1
公开(公告)日:2021-05-19
申请号:EP19759744.6
申请日:2019-07-11
-
-
搜索结果
3 条记录 (耗时 0.009 秒)
