Vehicle correlation system for cyber attacks detection and method thereof
First Claim
1. A vehicle correlation system for detection of a probability of at least one cyber-attack on one or more vehicles the system comprising:
- a. a plurality of first embedded software modules each installed within one of a plurality of vehicles;
b. a plurality of second embedded software modules each installed within a road infrastructure, wherein the road infrastructure is vehicle traffic related infrastructure and is selected from a group consisting of traffic light infrastructure, stop light infrastructure, railroad crossing infrastructure, and highway interchange infrastructure;
c. a detection server communicating with the plurality of first embedded software modules and the plurality of second embedded software modules via a network;
wherein the plurality of first embedded software modules and the plurality of second embedded software modules are operable to transmit metadata to the detection server;
wherein the detection server indicates a probability of a cyber-attack against one or more vehicles based on a correlation calculation between the metadata received from one or more of the plurality of first embedded software modules and metadata received from one or more of the plurality of second embedded software modules, wherein the identified probability of a cyber-attack is of a cyber-attack effecting at least one of vehicle functioning, vehicle safety, and integrity of data transmitted from one or more of the plurality of vehicles, and wherein the detection server is configured to initiate blocking vehicle-to-vehicle communication to prevent a further spread of the suspect and/or the identified threat;
wherein the detection server uses geographic information system (GIS) for calculating the correlation;
wherein the correlation is indicative of a member selected from a group consisting of;
threat to one or more of the plurality of vehicles, an identified attack originated from the plurality of multiple vehicles, wherein the correlation identifies infection and spread of the identified cyber-attack based on vehicle-to-vehicle communication;
wherein the metadata is associated with at least one of data communicated among the plurality of vehicles and data between one or more of the plurality of vehicles and the infrastructure, the metadata comprises data parameters selected from a group consisting of;
a location of one or more of the plurality of vehicles, geographic information, a vehicle unique identification, an event time, one or more vehicle-to-vehicle communication parameters, one or more vehicle-to-infrastructure communication parameters, one or more vehicle-to-cloud communication parameters, metadata of software applications used in one or more of the plurality of vehicles.
1 Assignment
0 Petitions
Accused Products
Abstract
A system and method for detection of at least one cyber-attack on one or more vehicles including steps of transmitting and/or receiving by a first on-board agent module installed within one or more vehicles and/or a second on-board agent module installed within road infrastructure and in a range of communication with said first on-board agent module metadata to and/or from an on-site and/or remote cloud-based detection server including a correlation engine; detecting cyberattacks based on correlation calculation between the metadata received from one or more first agent module installed within vehicles and/or from one or more second agent modules installed within road infrastructure; indicating a probability of a cyber-attack against one or more vehicle based on correlation calculation; initiating blocking of vehicle-to-vehicle communication to present and/or stop a spread of an identified threat.
22 Citations
23 Claims
-
1. A vehicle correlation system for detection of a probability of at least one cyber-attack on one or more vehicles the system comprising:
-
a. a plurality of first embedded software modules each installed within one of a plurality of vehicles; b. a plurality of second embedded software modules each installed within a road infrastructure, wherein the road infrastructure is vehicle traffic related infrastructure and is selected from a group consisting of traffic light infrastructure, stop light infrastructure, railroad crossing infrastructure, and highway interchange infrastructure; c. a detection server communicating with the plurality of first embedded software modules and the plurality of second embedded software modules via a network; wherein the plurality of first embedded software modules and the plurality of second embedded software modules are operable to transmit metadata to the detection server; wherein the detection server indicates a probability of a cyber-attack against one or more vehicles based on a correlation calculation between the metadata received from one or more of the plurality of first embedded software modules and metadata received from one or more of the plurality of second embedded software modules, wherein the identified probability of a cyber-attack is of a cyber-attack effecting at least one of vehicle functioning, vehicle safety, and integrity of data transmitted from one or more of the plurality of vehicles, and wherein the detection server is configured to initiate blocking vehicle-to-vehicle communication to prevent a further spread of the suspect and/or the identified threat; wherein the detection server uses geographic information system (GIS) for calculating the correlation; wherein the correlation is indicative of a member selected from a group consisting of;
threat to one or more of the plurality of vehicles, an identified attack originated from the plurality of multiple vehicles, wherein the correlation identifies infection and spread of the identified cyber-attack based on vehicle-to-vehicle communication;wherein the metadata is associated with at least one of data communicated among the plurality of vehicles and data between one or more of the plurality of vehicles and the infrastructure, the metadata comprises data parameters selected from a group consisting of; a location of one or more of the plurality of vehicles, geographic information, a vehicle unique identification, an event time, one or more vehicle-to-vehicle communication parameters, one or more vehicle-to-infrastructure communication parameters, one or more vehicle-to-cloud communication parameters, metadata of software applications used in one or more of the plurality of vehicles. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method for detection of a probability of at least one cyber-attack, the method comprising:
-
receiving metadata from a plurality of first embedded software modules each installed within one of a plurality of vehicles and metadata from a plurality of second embedded software modules installed within road infrastructure, wherein the road infrastructure is vehicle traffic related infrastructure and is selected from a group consisting of traffic light infrastructure, stop light infrastructure, railroad crossing infrastructure, and highway interchange infrastructure and in a range of communication with at least one of the first embedded software; indicating a probability of cyberattacks based on a correlation between the metadata received from one or more of the plurality of first embedded software modules and metadata received from one or more of the plurality of second embedded software modules, wherein the identified probability of a cyber-attack is of a cyber-attack effecting at least one of vehicle functioning, vehicle safety, and integrity of data transmitted from one or more of the plurality of vehicles, and wherein the detection server is configured to initiate blocking vehicle-to-vehicle communication to prevent a further spread of the suspect and/or the identified threat; wherein geographic information system (GIS) is used for calculating the correlation; wherein the correlation is indicative of a member selected from a group consisting of;
a threat to one or more of the plurality of vehicles, an identified attack originated from the plurality of multiple vehicles, wherein the correlation identifies infection and spread of the identified cyber-attack based on vehicle-to-vehicle communication;wherein the metadata is associated with at least one of data communicated among the plurality of vehicles and data between one or more of the plurality of vehicles and the infrastructure, the metadata comprises data parameters selected from a group consisting of; a location of one or more of the plurality of vehicles, geographic information, a vehicle unique identification, an event time, one or more vehicle-to-vehicle communication parameters, one or more vehicle-to-infrastructure communication parameters, one or more vehicle-to-cloud communication parameters, metadata of software applications used in one or more of the plurality of vehicles. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
-
Specification