Centralized controller management and anomaly detection
First Claim
1. A system for providing security on externally connected electronic control units (ECUs) of automobiles, the system comprising:
- a processor and computer-readable memory, the computer-readable memory comprising instructions that, when executed by the processor, cause the processor to perform operations comprising:
  - receiving, at a server system, operation information for a plurality of instances of an ECU, the plurality of instances being installed across a plurality of devices, and the operation information comprising malware reports that identify malware on the plurality of instances of the ECU;
  - statistically analyzing, by the server system, the received operation information, wherein the statistically analyzing comprises identifying an operation from the received operation information that is outside of determined normal operations of the ECU, wherein the determined normal operations include a baseline of frequencies of function call sequences performed by the ECU;
  - identifying, by the server system, one or more anomalous ECU behaviors based on the statistical analysis; and
  - providing, by the server system, information regarding the one or more anomalous ECU behaviors on the ECU as a potential security threat.
Abstract
In one implementation, a method for providing security on externally connected controllers includes receiving, at a server system, operation information for a plurality of instances of a controller, the plurality of instances being installed across a plurality of devices; statistically analyzing, by the server system, the operation information; identifying, by the server system, one or more anomalous controller behaviors based on the statistical analysis; and providing, by the server system, information regarding the one or more anomalous controller behaviors on the controller as potential security threats.
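The claims name "a baseline of frequencies of function call sequences" as the reference for normal ECU operation but do not fix a statistic. The sketch below is an added illustration, not code from the patent: it assumes length-3 call sequences, a z-score test with a floor on the standard deviation, and a rule that a sequence is reported fleet-wide once at least two instances show it. All function names, ECU ids and traces are constructed.

```python
from collections import Counter
from statistics import mean, pstdev

N = 3  # assumed call-sequence length (n-gram size)

def seq_freqs(trace, n=N):
    """Relative frequency of each length-n function-call sequence in one trace."""
    grams = Counter(tuple(trace[i:i + n]) for i in range(len(trace) - n + 1))
    total = sum(grams.values())
    return {g: c / total for g, c in grams.items()}

def build_baseline(good_traces):
    """Mean and std-dev of each sequence's frequency across known-good traces."""
    per_trace = [seq_freqs(t) for t in good_traces]
    return {g: (mean(f.get(g, 0.0) for f in per_trace),
                pstdev(f.get(g, 0.0) for f in per_trace))
            for g in set().union(*per_trace)}

def anomalies(trace, baseline, z_max=3.0, sd_floor=0.03):
    """Sequences never seen in the baseline, or seen at an outlying frequency."""
    found = []
    for g, f in seq_freqs(trace).items():
        if g not in baseline:
            found.append((g, "unseen"))
        elif abs(f - baseline[g][0]) / max(baseline[g][1], sd_floor) > z_max:
            found.append((g, "frequency"))
    return found

def fleet_report(reports, baseline, min_instances=2):
    """Map each anomalous sequence to the ECU instances that reported it."""
    hits = {}
    for instance, trace in reports.items():
        for g, _ in anomalies(trace, baseline):
            hits.setdefault(g, []).append(instance)
    return {g: sorted(ids) for g, ids in hits.items() if len(ids) >= min_instances}

# Constructed sample data: function names and ECU ids are made up.
CYCLE = ["read_can", "validate", "dispatch", "log"]
ODD = ["read_can", "write_flash", "dispatch", "log"]
GOOD = [CYCLE * k + ["diag"] + CYCLE for k in (4, 5, 6)]
REPORTS = {
    "ecu-A": CYCLE * 5 + ["diag"] + CYCLE,
    "ecu-B": CYCLE * 3 + ODD + CYCLE * 2 + ["diag"] + CYCLE,
    "ecu-C": CYCLE + ODD + CYCLE * 4 + ["diag"] + CYCLE,
    "ecu-D": (CYCLE + ["diag"]) * 5,
}

if __name__ == "__main__":
    baseline = build_baseline(GOOD)
    for seq, ids in fleet_report(REPORTS, baseline).items():
        print(" -> ".join(seq), "seen on", ids)
    print("ecu-D:", anomalies(REPORTS["ecu-D"], baseline))
```

In this sample, ecu-D uses only sequences present in the baseline and is flagged purely on frequency, while the sequences around the unexpected call on ecu-B and ecu-C surface in the fleet report because two instances show them.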
25 Claims
1. A system for providing security on externally connected electronic control units (ECUs) of automobiles, the system comprising:
- a processor and computer-readable memory, the computer-readable memory comprising instructions that, when executed by the processor, cause the processor to perform operations comprising:
  - receiving, at a server system, operation information for a plurality of instances of an ECU, the plurality of instances being installed across a plurality of devices, and the operation information comprising malware reports that identify malware on the plurality of instances of the ECU;
  - statistically analyzing, by the server system, the received operation information, wherein the statistically analyzing comprises identifying an operation from the received operation information that is outside of determined normal operations of the ECU, wherein the determined normal operations include a baseline of frequencies of function call sequences performed by the ECU;
  - identifying, by the server system, one or more anomalous ECU behaviors based on the statistical analysis; and
  - providing, by the server system, information regarding the one or more anomalous ECU behaviors on the ECU as a potential security threat.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A method for providing security on externally connected electronic control units (ECUs) of automobiles, the method comprising:
- receiving, at a server system, operation information for a plurality of instances of an ECU, the plurality of instances being installed across a plurality of devices, and the operation information comprising malware reports that identify malware on the plurality of instances of the ECU;
- statistically analyzing, by the server system, the received operation information, wherein the statistically analyzing comprises identifying an operation from the received operation information that is outside of determined normal operations of the ECU, wherein the determined normal operations include a baseline of frequencies of function call sequences performed by the ECU;
- identifying, by the server system, one or more anomalous ECU behaviors based on the statistical analysis; and
- providing, by the server system, information regarding the one or more anomalous ECU behaviors on the ECU as a potential security threat.

Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20
21. A method for providing security on externally connected electronic control units (ECUs) of automobiles, the method comprising:
- receiving, at a server system, real-time information identifying malware blocked by a security middleware layer running on an ECU that is part of a device, wherein the malware is associated with a deviation from determined normal operations of the ECU, wherein the determined normal operations include a baseline of frequencies of function call sequences performed by the ECU;
- aggregating, by the server system, the real-time information with real-time information from other ECUs;
- determining, by the server system, aggregate information related to the blocked malware on the ECU;
- generating, by the server system, a report that includes information identifying the blocked malware on the ECU and the aggregate information; and
- transmitting, by the server system and in real-time, the report to a client computing device for a user who is associated with the ECU.

Dependent claims: 22, 23, 24, 25
Specification