-
1.
Publication No.: US11411761B2
Publication date: 2022-08-09
Application No.: US16962100
Filing date: 2018-12-21
Inventors: Toshiki Shibahara, Takuma Koyama, Yasushi Okano
IPC classification: H04L12/28, B60R16/023, H04L5/00, H04L9/40, H04N21/835, H04L12/40
Abstract: A detection device includes: an object data extraction unit that extracts, from one or more pieces of communication data which are transmitted from one or more electronic control units, at least part of a payload contained in communication data that satisfies a predetermined condition, information by which the communication interval between the communication data can be calculated, and a serial number of the communication data as object data; a partial sequence creation unit that creates, using the extracted object data, a partial sequence containing information corresponding to at least part of a payload and information indicating a communication interval from two or more pieces of object data with the same serial number; and a detection unit that detects, using the created partial sequence, predetermined communication data based on the order relation between at least part of a payload and the corresponding part of another payload and a communication interval. The predetermined condition is a condition for extracting only communication data which is transmitted periodically and also in conjunction with a predetermined event.
-
2.
Publication No.: US11856006B2
Publication date: 2023-12-26
Application No.: US16761040
Filing date: 2018-11-14
Inventors: Takuma Koyama, Yasushi Okano, Masashi Tanaka
IPC classification: H04L9/40, G06N20/20, B60R16/023, G06F18/21
CPC classification: H04L63/1408, B60R16/0232, G06F18/217, G06N20/20
Abstract: There is provided an abnormal communication detection apparatus capable of reducing over-detection. The abnormal communication detection apparatus includes: a receiving part receiving communication data for learning that includes an identifier and communication data for detection that includes the identifier; a knowledge information acquiring part acquiring knowledge information that is information about at least either temporal characteristics or payload characteristics of the communication data for learning; an allocation rule generating part generating allocation rules that are rules for specifying which communication data having which identifier is to be allocated to which detector among a plurality of detectors, based on the knowledge information; an allocating part allocating the communication data to any of the detectors based on the allocation rules; and the plurality of detectors each of which learns, when the communication data for learning is allocated, a model for detecting whether the communication data allocated to the detector is normal or abnormal, and detects, when the communication data for detection is allocated, whether the communication data for detection is normal or abnormal based on the learned model.
-
3.
Publication No.: US11863574B2
Publication date: 2024-01-02
Application No.: US17280823
Filing date: 2019-10-10
Inventors: Keita Hasegawa, Takuma Koyama, Yasushi Okano, Masashi Tanaka
IPC classification: H04L9/40, H04W12/122, H04W4/46
CPC classification: H04L63/1425, H04W4/46, H04W12/122
Abstract: A storage processing unit configured to store, in a storage unit, first data output by a device or any one of multiple devices in association with a first feature context related to the first data, and an analyzing unit configured to obtain a second feature context related to second data in a case where the second data is received from the device or any one of the multiple devices, and analyze an anomaly of the received second data based on the received second data and the obtained second feature context and based on the first data and the first feature context stored in the storage unit, are provided.
-
4.
Publication No.: US11528325B2
Publication date: 2022-12-13
Application No.: US17281539
Filing date: 2019-10-10
Inventors: Keita Hasegawa, Takuma Koyama, Yasushi Okano, Masashi Tanaka
Abstract: A device includes a memory; and a processor configured to execute first determining, for each data item generated in the device, a priority upon transmitting said each data item to an information processing apparatus, based on one or more rules set in advance; second determining, for said each data item, whether or not it is necessary to transmit said each data item to the information processing apparatus, based on the priority determined for said each data item; and transmitting a data item to the information processing apparatus among data items generated in the device for a predetermined period of time, the data item being determined by the second determining that it is necessary to transmit the data item to the information processing apparatus.
-
5.
Publication No.: US12063236B2
Publication date: 2024-08-13
Application No.: US17283214
Filing date: 2019-10-10
Inventors: Yasushi Okano, Masashi Tanaka, Takuma Koyama, Keita Hasegawa
CPC classification: H04L63/1425, H04L63/1466
Abstract: An information processing apparatus includes a generation unit configured to generate, from a log obtained from a device, a graph structure indicating one or more associations between one or more processes and one or more objects related to the one or more processes, and an identifying unit configured to, in a case where one of objects of the device is specified, identify at least one process related to the specified one of the objects, based on the generated graph structure, and identify one or more objects related to the identified at least one process.
-
6.
Publication No.: US11962605B2
Publication date: 2024-04-16
Application No.: US17280835
Filing date: 2019-10-10
Inventors: Takuma Koyama, Keita Hasegawa, Yasushi Okano, Masashi Tanaka
CPC classification: H04L63/1416, G06F11/0751, G06F21/552, G06F21/554
Abstract: A storage processing unit configured to store, in a storage unit, first data output by a device or any one of multiple devices in association with first context information related to the first data, and a determining unit configured to obtain second context information related to second data in a case where the second data is received from the device or any one of the multiple devices, and determine whether an analysis of the received second data is necessary based on the received second data and the obtained second context information and based on the first data and the first context information stored in the storage unit, are provided.
-
7.
Publication No.: US11588827B2
Publication date: 2023-02-21
Application No.: US16755205
Filing date: 2018-10-23
Inventors: Yasushi Okano, Takuma Koyama
IPC classification: H04L9/40, G06N20/00, H04L12/40, H04L12/413
Abstract: An attack communication detection device that is robust against a deviation from the design value of a communication interval is provided. The attack communication detection device is an attack communication detection device that detects an attack communication from a communication of each electronic control unit in a communication network and includes: a receiving unit that receives communication data for detection which may or may not include an attack communication; a sum-of-communication-intervals calculation unit that calculates the sum of communication intervals, which is the sum of two adjacent communication intervals, of the communication data for detection; an estimated distribution model storage that stores in advance an estimated distribution model of a communication interval and the sum of communication intervals of communication data for learning which does not include an attack communication; and a detection unit that detects whether or not the communication data for detection includes an attack communication based on the estimated distribution model and the sum of communication intervals of the communication data for detection.
-
8.
Publication No.: US11128400B2
Publication date: 2021-09-21
Application No.: US16761833
Filing date: 2018-11-14
Inventors: Takuma Koyama, Masashi Tanaka, Yasushi Okano
Abstract: A bit assignment estimating device that accurately estimates bit assignment of a payload with fewer division patterns is provided. The bit assignment estimating device: divides a payload of received communication data to generate a plurality of blocks; estimates bit assignment of a block to be a certain value type; concatenates a block, which is adjacent to either of a block or a concatenation block which is estimated to be the continuous value type at a higher-order bit side, to the block or the concatenation block which is estimated to be the continuous value type when the block adjacent is estimated to be the status value type or the continuous value type; estimates whether the concatenation block is the continuous value type or not; and separates an immediately-close-concatenated block from a corresponding concatenation block when the concatenation block is estimated not to be the continuous value type.