公开(公告)号：US12047398B2

公开(公告)日：2024-07-23

申请号：US18077205

申请日：2022-12-07

Applicant: Intel Corporation

Inventor： Marcio Juliato ,  Manoj Sastry ,  Michael Kara-Ivanov ,  Aviad Kipnis ,  Shabbir Ahmed ,  Christopher Gutierrez ,  Vuk Lesi

IPC: H04L9/40 ,  H04L12/40 ,  H04L47/31

CPC classification number: H04L63/1416 ,  H04L12/40 ,  H04L47/31 ,  H04L63/0236 ,  H04L63/126 ,  H04L63/1466 ,  H04L2012/40215

Abstract: Techniques and screening messages based on tags in an automotive environment, such as, messages communicated via a communication bus, like the CAN bus. Messages can be tagged with either a binary or probabilistic tag indicating whether the message is fraudulent. ECUs coupled to the CAN bus can receive the messages and the message tags and can determine whether to fully consume the message based on the tag.

公开(公告)号：US12045348B2

公开(公告)日：2024-07-23

申请号：US17867780

申请日：2022-07-19

Applicant: INTEL CORPORATION

Inventor： Christopher N. Gutierrez ,  Marcio Juliato ,  Shabbir Ahmed ,  Qian Wang ,  Manoj Sastry ,  Liuyang L Yang ,  Xiruo Liu

IPC: G06F21/56

CPC classification number: G06F21/566 ,  G06F2221/034

Abstract: Logic may implement observation layer intrusion detection systems (IDSs) to combine observations by intrusion detectors and/or other intrusion detection systems. Logic may monitor one or more control units at one or more observation layers of an in-vehicle network, each of the one or more control units to perform a vehicle function. Logic may combine observations of the one or more control units at the one or more observation layers. Logic may determine, based on a combination of the observations, that one or more of the observations represent an intrusion. Logic may determine, based at least on the observations, characteristics of an attack, and to pass the characteristics of the attack information to a forensic logging system to log the attack or pass the characteristics of the attack to a recovery system for informed selection of recovery procedures. Logic may dynamically adjust a threshold for detection of suspicious activity.

公开(公告)号：US20240179160A1

公开(公告)日：2024-05-30

申请号：US18526456

申请日：2023-12-01

Applicant: Intel Corporation

Inventor： Marcio Rogerio Juliato ,  Shabbir Ahmed ,  Santosh Ghosh ,  Christopher Gutierrez ,  Manoj R. Sastry

IPC: H04L9/40 ,  H04L12/40

CPC classification number: H04L63/1416 ,  H04L12/40 ,  H04L12/40136 ,  H04L63/1466 ,  H04L2012/40215

Abstract: Various systems and methods for bus-off attack detection are described herein. An electronic device for bus-off attack detection and prevention includes bus-off prevention circuitry coupled to a protected node on a bus, the bus-off prevention circuitry to: detect a transmitted message from the protected node to the bus; detect a bit mismatch of the transmitted message on the bus; suspend further transmissions from the protected node while the bus is analyzed; determine whether the bit mismatch represents a bus fault or an active attack against the protected node; and signal the protected node indicating whether a fault has occurred.

公开(公告)号：US11930365B2

公开(公告)日：2024-03-12

申请号：US17742890

申请日：2022-05-12

Applicant: Intel Corporation

Inventor： Liuyang Yang ,  Xiruo Liu ,  Manoj Sastry ,  Marcio Juliato ,  Shabbir Ahmed ,  Christopher Gutierrez

IPC: G06F21/00 ,  G06F13/40 ,  H04W12/00 ,  H04W12/122

CPC classification number: H04W12/122 ,  G06F13/40 ,  H04W12/009

Abstract: Systems, apparatus, methods, and techniques for reporting an attack or intrusion into an in-vehicle network are provided. The attack can be broadcast to connected vehicles over a vehicle-to-vehicle network. The broadcast can include an indication of a sub-system involved in the attack and can include a request for assistance in recovering from the attack. Connected vehicles can broadcast responses over the vehicle-to-vehicle network. The responses can include indications of data related to the compromised sub-system. The vehicle can receive the responses and can use the responses to recover from the attack, such as, estimate data.

公开(公告)号：US11720662B2

公开(公告)日：2023-08-08

申请号：US16994219

申请日：2020-08-14

Applicant: Intel Corporation

Inventor： Eduardo Alban ,  Shabbir Ahmed ,  Marcio Juliato ,  Christopher Gutierrez ,  Qian Wang ,  Vuk Lesi ,  Manoj Sastry

IPC: G06F21/44 ,  G06F21/85 ,  H04L12/40 ,  G06F13/20

CPC classification number: G06F21/44 ,  G06F13/20 ,  G06F21/85 ,  H04L12/40 ,  H04L2012/40215 ,  H04L2012/40273

Abstract: Systems, apparatuses, and methods to identify an electronic control unit transmitting a message on a communication bus, such as an in-vehicle network bus, are provided. ECUs transmit messages by manipulating voltage on conductive lines of the bus. Observation circuitry can observe voltage signals associated with the transmission at a point on the in-vehicle network bus. A distribution can be generated from densities of the voltage signals. ECUs can be identified and/or fingerprinted based on the distributions.

公开(公告)号：US20220303034A1

公开(公告)日：2022-09-22

申请号：US17829042

申请日：2022-05-31

Applicant: INTEL CORPORATION

Inventor： Vuk Lesi ,  Christopher Gutierrez ,  Manoj Sastry ,  Marcio Juliato ,  Shabbir Ahmed ,  Qian Wang

IPC: H04J3/06

Abstract: Techniques for clock manager monitoring for time sensitive networks are described. An apparatus, comprises a clock circuitry to manage a clock for a device, a processing circuitry coupled to the clock circuitry, the processing circuitry to execute instructions to perform operations for a clock manager, the clock manager to receive messages with time information for a network and generate clock manager control information to adjust the clock to a network time for the network, and a detector coupled to the processing circuitry and the clock circuitry, the detector to receive the clock manager control information, generate model control information based on a clock model, compare the clock manager control information with the model control information to generate difference information, and determine whether to generate an alert based on the difference information. Other embodiments are described and claimed.

公开(公告)号：US11444961B2

公开(公告)日：2022-09-13

申请号：US16723142

申请日：2019-12-20

Applicant: Intel Corporation

Inventor： Marcio Juliato ,  Vuk Lesi ,  Shabbir Ahmed ,  Christopher Gutierrez ,  Manoj Sastry ,  Liuyang Yang ,  Xiruo Liu

IPC: G06F11/00 ,  H04L9/40 ,  G05B19/042 ,  G05D1/00

Abstract: Systems, methods, computer-readable storage media, and apparatuses to provide active attack detection in autonomous vehicle networks. An apparatus may comprise a plurality of electronic control units communicably coupled by a network, and logic, at least a portion of which is implemented in hardware, the logic to: receive an indication from a first electronic control unit (ECU) of the plurality of ECUs specifying to transmit a first data frame via the network, determine, based on a message identifier (ID) of the first ECU, whether a transmit window for the first ECU is open, and permit the first ECU to transmit the first data frame via the network based on a determination that the transmit window for the first ECU is open.

公开(公告)号：US20220277077A1

公开(公告)日：2022-09-01

申请号：US17742865

申请日：2022-05-12

Applicant: Intel Corporation

Inventor： Marcio Juliato ,  Manoj Sastry ,  Shabbir Ahmed ,  Christopher Gutierrez ,  Qian Wang ,  Vuk Lesi

IPC: G06F21/55 ,  G06F21/85 ,  G06F21/71

Abstract: A platform comprising numerous reconfigurable circuit components arranged to operate as primary and redundant circuits is provided. The platform further comprises security circuitry arranged to monitor the primary circuit for anomalies and reconfigurable circuit arranged to disconnect the primary circuit from a bus responsive to detection of an anomaly. Furthermore, the present disclosure provides for the quarantine, refurbishment and designation as redundant, the anomalous circuit.

公开(公告)号：US11423145B2

公开(公告)日：2022-08-23

申请号：US16727565

申请日：2019-12-26

Applicant: Intel Corporation

Inventor： Christopher N. Gutierrez ,  Marcio Juliato ,  Shabbir Ahmed ,  Qian Wang ,  Manoj Sastry ,  Liuyang L. Yang ,  Xiruo Liu

IPC: G06F21/56

Abstract: Logic may implement observation layer intrusion detection systems (IDSs) to combine observations by intrusion detectors and/or other intrusion detection systems. Logic may monitor one or more control units at one or more observation layers of an in-vehicle network, each of the one or more control units to perform a vehicle function. Logic may combine observations of the one or more control units at the one or more observation layers. Logic may determine, based on a combination of the observations, that one or more of the observations represent an intrusion. Logic may determine, based at least on the observations, characteristics of an attack, and to pass the characteristics of the attack information to a forensic logging system to log the attack or pass the characteristics of the attack to a recovery system for informed selection of recovery procedures. Logic may dynamically adjust a threshold for detection of suspicious activity.

公开(公告)号：US11409286B2

公开(公告)日：2022-08-09

申请号：US16718495

申请日：2019-12-18

Applicant: Intel Corporation

Inventor： Marcio Juliato ,  Christopher Gutierrez ,  Shabbir Ahmed ,  Manoj Sastry ,  Liuyang Yang ,  Xiruo Liu

IPC: G05D1/00 ,  G06N5/04 ,  G06F16/901 ,  G06K9/62

Abstract: Systems, methods, computer program products, and apparatuses for low latency, fully reconfigurable hardware logic for ensemble classification methods, such as random forests. An apparatus may comprise circuitry for an interconnect and circuitry for a random forest implemented in hardware. The random forest comprising a plurality of decision trees connected via the interconnect, each decision tree comprising a plurality of nodes connected via the interconnect. A first decision tree of the plurality of decision trees comprising a first node of the plurality of nodes to: receive a plurality of elements of feature data via the interconnect, select a first element of feature data, of the plurality of elements of feature data, based on a configuration of the first node, and generate an output based on the first element of feature data, an operation, and a reference value, the operation and reference value specified in the configuration of the first node.