公开(公告)号：US20210273966A1

公开(公告)日：2021-09-02

申请号：US17322371

申请日：2021-05-17

Applicant: Panasonic Intellectual Property Corporation of America

Inventor： Takamitsu SASAKI ,  Tomoyuki HAGA ,  Daiki TANAKA ,  Makoto YAMADA ,  Hisashi KASHIMA ,  Takeshi KISHIKAWA

IPC: H04L29/06 ,  H04L12/40

Abstract: In an anomaly detection method that determines whether each frame in observation data constituted by a collection of frames sent and received over a communication network system is anomalous, a difference between a data distribution of a feature amount extracted from the frame in the observation data and a data distribution for a collection of frames sent and received over the communication network system, obtained at a different timing from the observation data, is calculated. A frame having a feature amount for which the difference is predetermined value or higher is determined to be an anomalous frame. An anomaly contribution level of feature amounts extracted from the frame determined to be an anomalous frame is calculated, and an anomalous payload part, which is at least one part of the payload corresponding to the feature amount for which the anomaly contribution level is at least the predetermined value, is output.

公开(公告)号：US20210226872A1

公开(公告)日：2021-07-22

申请号：US17201839

申请日：2021-03-15

Applicant: PANASONIC INTELLECTUAL PROPERTY CORPORATION OF AMERICA

Inventor： Yoshihiro UJIIE ,  Tomoyuki HAGA ,  Manabu MAEDA ,  Hideki MATSUSHIMA ,  Takeshi KISHIKAWA ,  Junichi TSURUMI ,  Hisashi KASHIMA ,  Yukino TORIUMI ,  Takuya KUWAHARA

IPC: H04L12/26 ,  H04L12/40 ,  H04L29/06 ,  H04W4/48 ,  H04L12/24

Abstract: An abnormality detection method is provided. The abnormality detection method is for detecting an abnormality that may be transmitted to a bus in an on-board network system. The on-board network system includes a plurality of electronic controllers that transmit and receive messages via the bus in a mobility entity. In the abnormality detection method, for example, a gateway transmits identification information to a server and receives a response determining a unit time. An operation process is performed using feature information based on a number of messages received from the bus per the determined unit time and using a model indicating a criterion in terms of a message occurrence frequency. A judgment is made as to an abnormality according to a result of the operation process.