-
Publication No.: US11943243B2
Publication date: 2024-03-26
Application No.: US17322371
Application date: 2021-05-17
Inventor: Takamitsu Sasaki, Tomoyuki Haga, Daiki Tanaka, Makoto Yamada, Hisashi Kashima, Takeshi Kishikawa
CPC classification number: H04L63/1425, H04L12/40, H04L63/1466, H04L2012/40215, H04L2463/142
Abstract: In an anomaly detection method that determines whether each frame in observation data constituted by a collection of frames sent and received over a communication network system is anomalous, a difference between a data distribution of a feature amount extracted from the frame in the observation data and a data distribution for a collection of frames sent and received over the communication network system, obtained at a different timing from the observation data, is calculated. A frame having a feature amount for which the difference is a predetermined value or higher is determined to be an anomalous frame. An anomaly contribution level of feature amounts extracted from the frame determined to be an anomalous frame is calculated, and an anomalous payload part, which is at least one part of the payload corresponding to the feature amount for which the anomaly contribution level is at least the predetermined value, is output.
-
Publication No.: US11930021B2
Publication date: 2024-03-12
Application No.: US17354213
Application date: 2021-06-22
Inventor: Takeshi Kishikawa, Ryo Hirano, Yoshihiro Ujiie, Tomoyuki Haga
CPC classification number: H04L63/1416, H04L63/1466, H04L63/20, H04L67/12
Abstract: An unauthorized frame detection device that can keep an unauthorized ECU from spoofing as a legitimate server or client while suppressing an overhead during communication is provided. The unauthorized frame detection device includes a plurality of communication ports corresponding to respective networks, a communication controller, and an unauthorized frame detector. The plurality of communication ports are each connected to a corresponding predetermined network among the plurality of networks and each transmit or receive a frame via the predetermined network. The unauthorized frame detector determines whether an identifier of a service, a type of the service, and port information that are each included in the frame match a permission rule set in advance and outputs a result of the determination.
-
Publication No.: US11838303B2
Publication date: 2023-12-05
Application No.: US16919809
Application date: 2020-07-02
Inventor: Manabu Maeda, Jun Anzai, Takeshi Kishikawa
CPC classification number: H04L63/1425, B60R16/023, G06F11/3013, G06F11/3476, H04L9/3242, H04W4/48, H04L12/40013
Abstract: A log generation method for generating a log of communication on an in-vehicle network includes: performing a plurality of determination processes for determining, by using different methods, whether or not a message sent to the in-vehicle network is anomalous; generating a log in accordance with results of the plurality of determination processes; and transmitting the generated log. In the generating, information items to be included in the log are determined in accordance with a combination of the results of the plurality of determination processes so that the log does not include identical information items.
-
Publication No.: US11792219B2
Publication date: 2023-10-17
Application No.: US17738837
Application date: 2022-05-06
Inventor: Ryo Hirano, Yoshihiro Ujiie, Takeshi Kishikawa
IPC: H04L9/40, H04L41/0681, H04L47/10
CPC classification number: H04L63/1425, H04L41/0681, H04L47/10, H04L63/1458
Abstract: An anomaly detecting device includes a flow collector that collects an amount of flow communication traffic in each of two or more networks in an in-vehicle network system that includes the two or more networks, the amount of flow communication traffic being information obtained by tallying an amount of communication traffic of one or more frames classified according to a predetermined rule that is based on header information of a network protocol; and an anomaly detector that calculates, based on the amount of flow communication traffic, an observed ratio indicating a ratio of respective amounts of communication traffic in the two or more networks and determines whether the two or more networks are anomalous based on the observed ratio calculated and a normal ratio indicating a ratio of respective amounts of communication traffic in the two or more networks in a normal state.
-
Publication No.: US11636201B2
Publication date: 2023-04-25
Application No.: US17132824
Application date: 2020-12-23
Inventor: Yoshihiro Ujiie, Hideki Matsushima, Tomoyuki Haga, Yuji Unagami, Takeshi Kishikawa
Abstract: A method used in an on-board network system, having electronic controllers that exchange messages and a fraud detecting electronic controller. The method includes determining whether a message transmitted conforms to fraud detection rules, and querying an external device whether there is delivery data for updating the fraud detection rules. When there is the delivery data for updating the fraud detection rules, the method includes receiving from an external device the delivery data, including updated fraud detection rules and network type information indicating a network type to which the updated fraud detection rules are to be applied. The method also includes determining whether a vehicle in which the on-board network system is installed is running, and whether the network type information indicates a drive network that is connected to an electronic controller related to travel of the vehicle. When the network type information does not indicate the drive network, the method includes updating the fraud detection rules.
-
Publication No.: US11636196B2
Publication date: 2023-04-25
Application No.: US17122659
Application date: 2020-12-15
Inventor: Takeshi Kishikawa, Yoshihiro Ujiie, Manabu Maeda, Hideki Matsushima, Hiroshi Amano, Toshihisa Nakano
Abstract: A misuse detection method used in an electronic control unit in a vehicle network system including multiple electronic control units that communicate with one another through networks. The misuse detection method includes receiving a target data frame at one time point, and receiving a reference data frame at another time point different than the one time point. The misuse detection method further includes performing misuse detection for the target data frame based on a certain rule specifying a reception interval between the one time point at which the target data frame is received and the other time point at which the reference data frame is received, and determining the target data frame received is for misuse based on a length of the reception interval.
-
Publication No.: US11569984B2
Publication date: 2023-01-31
Application No.: US17036470
Application date: 2020-09-29
Inventor: Yoshihiro Ujiie, Jun Anzai, Yoshihiko Kitamura, Masato Tanabe, Takeshi Kishikawa
IPC: H04L9/08, H04L9/40, B60R16/023, H04L67/12
Abstract: A key management method serves as an electronic control unit (ECU) in an onboard network system having a plurality of ECUs that perform communication by frames via a network. The method includes storing a shared key and executing encryption processing based on the shared key. The method further includes executing inspection of a security state of the shared key stored in a case where a vehicle is in at least one of the following particular states: the vehicle is not driving and is in an accessory-on state; a fuel cap of the vehicle is open, and the vehicle is not driving and is fueling; the vehicle is parked, which is indicated by the gearshift; the vehicle is in a stopped state before driving, which is indicated by the gearshift; and a charging plug is connected to the vehicle, and the vehicle is electrically charging.
-
Publication No.: US11190533B2
Publication date: 2021-11-30
Application No.: US16237243
Application date: 2018-12-31
Inventor: Junichi Tsurumi, Yoshihiro Ujiie, Takamitsu Sasaki, Takeshi Kishikawa, Tohru Wakabayashi, Toshihisa Nakano
IPC: H04L29/06, H04L12/28, B60R1/00, B60R16/023, H04L12/40
Abstract: An anomaly detection electronic control unit (ECU) that detects unauthorized messages on a communication path is provided. An ECU that periodically transmits a first-type message including data to be monitored, and an ECU that periodically transmits a second-type message including data for comparison, are connected to the communication path. The anomaly detection ECU includes: a receiver that successively receives first-type and second-type messages; a processor that determines whether a first-type message received is normal or anomalous; and a transmitter that transmits a predetermined message in accordance with results of the determining. The determining is performed based on content of the first-type message, content of a second-type message last received at the time of receiving this first-type message, and at least one of content of a first-type message received further in the past than this first-type message, and content of a second-type message received further in the past than the second-type message last received.
-
Publication No.: US10986008B2
Publication date: 2021-04-20
Application No.: US16026040
Application date: 2018-07-02
Inventor: Yoshihiro Ujiie, Tomoyuki Haga, Manabu Maeda, Hideki Matsushima, Takeshi Kishikawa, Junichi Tsurumi, Hisashi Kashima, Yukino Toriumi, Takuya Kuwahara
Abstract: An abnormality detection method is provided. The abnormality detection method is for detecting an abnormality that may be transmitted to a bus in an on-board network system. The on-board network system includes a plurality of electronic controllers that transmit and receive messages via the bus in a vehicle according to a CAN protocol. In the abnormality detection method, for example, a gateway transmits vehicle identification information to a server and receives a response determining a unit time. An operation process is performed using feature information based on a number of messages received from the bus per the determined unit time and using a model indicating a criterion in terms of a message occurrence frequency. A judgment is made as to an abnormality according to a result of the operation process.
-
Publication No.: US10911182B2
Publication date: 2021-02-02
Application No.: US16237327
Application date: 2018-12-31
Inventor: Takeshi Kishikawa, Tatsumi Oba, Manabu Maeda
IPC: H04L1/00, H04L1/16, G07C5/08, G06K9/62, H04L1/24, H04W40/24, H04L12/715, H04W76/40, H04L9/32
Abstract: An information processing method performed by an information processing system including a storage device to process a plurality of data frames flowing in an in-vehicle network including at least one electronic control unit includes a receiving step of sequentially receiving a plurality of data frames flowing in the in-vehicle network, a frame collection step of recording, in a reception log held in the storage device, reception interval information indicating reception intervals between the plurality of data frames as frame information, a feature acquisition step of acquiring, from the reception interval information, a feature relating to distribution of the reception intervals between the plurality of data frames, and an unauthorized data presence determination step of determining the presence/absence of an unauthorized data frame among the plurality of data frames.