Vehicle correlation system for cyber attacks detection and method thereof

US 10,516,681 B2
Filed: 09/21/2015
Issued: 12/24/2019
Est. Priority Date: 09/25/2014
Status: Active Grant

First Claim

Patent Images

1. A vehicle correlation system for detection of a probability of at least one cyber-attack on one or more vehicles the system comprising:

a. a plurality of first embedded software modules each installed within one of a plurality of vehicles;

b. a plurality of second embedded software modules each installed within a road infrastructure, wherein the road infrastructure is vehicle traffic related infrastructure and is selected from a group consisting of traffic light infrastructure, stop light infrastructure, railroad crossing infrastructure, and highway interchange infrastructure;

c. a detection server communicating with the plurality of first embedded software modules and the plurality of second embedded software modules via a network;

wherein the plurality of first embedded software modules and the plurality of second embedded software modules are operable to transmit metadata to the detection server;

wherein the detection server indicates a probability of a cyber-attack against one or more vehicles based on a correlation calculation between the metadata received from one or more of the plurality of first embedded software modules and metadata received from one or more of the plurality of second embedded software modules, wherein the identified probability of a cyber-attack is of a cyber-attack effecting at least one of vehicle functioning, vehicle safety, and integrity of data transmitted from one or more of the plurality of vehicles, and wherein the detection server is configured to initiate blocking vehicle-to-vehicle communication to prevent a further spread of the suspect and/or the identified threat;

wherein the detection server uses geographic information system (GIS) for calculating the correlation;

wherein the correlation is indicative of a member selected from a group consisting of;

threat to one or more of the plurality of vehicles, an identified attack originated from the plurality of multiple vehicles, wherein the correlation identifies infection and spread of the identified cyber-attack based on vehicle-to-vehicle communication;

wherein the metadata is associated with at least one of data communicated among the plurality of vehicles and data between one or more of the plurality of vehicles and the infrastructure, the metadata comprises data parameters selected from a group consisting of;

a location of one or more of the plurality of vehicles, geographic information, a vehicle unique identification, an event time, one or more vehicle-to-vehicle communication parameters, one or more vehicle-to-infrastructure communication parameters, one or more vehicle-to-cloud communication parameters, metadata of software applications used in one or more of the plurality of vehicles.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for detection of at least one cyber-attack on one or more vehicles including steps of transmitting and/or receiving by a first on-board agent module installed within one or more vehicles and/or a second on-board agent module installed within road infrastructure and in a range of communication with said first on-board agent module metadata to and/or from an on-site and/or remote cloud-based detection server including a correlation engine; detecting cyberattacks based on correlation calculation between the metadata received from one or more first agent module installed within vehicles and/or from one or more second agent modules installed within road infrastructure; indicating a probability of a cyber-attack against one or more vehicle based on correlation calculation; initiating blocking of vehicle-to-vehicle communication to present and/or stop a spread of an identified threat.

22 Citations

View as Search Results

23 Claims

1. A vehicle correlation system for detection of a probability of at least one cyber-attack on one or more vehicles the system comprising:
- a. a plurality of first embedded software modules each installed within one of a plurality of vehicles;
  
  b. a plurality of second embedded software modules each installed within a road infrastructure, wherein the road infrastructure is vehicle traffic related infrastructure and is selected from a group consisting of traffic light infrastructure, stop light infrastructure, railroad crossing infrastructure, and highway interchange infrastructure;
  
  c. a detection server communicating with the plurality of first embedded software modules and the plurality of second embedded software modules via a network;
  
  wherein the plurality of first embedded software modules and the plurality of second embedded software modules are operable to transmit metadata to the detection server;
  
  wherein the detection server indicates a probability of a cyber-attack against one or more vehicles based on a correlation calculation between the metadata received from one or more of the plurality of first embedded software modules and metadata received from one or more of the plurality of second embedded software modules, wherein the identified probability of a cyber-attack is of a cyber-attack effecting at least one of vehicle functioning, vehicle safety, and integrity of data transmitted from one or more of the plurality of vehicles, and wherein the detection server is configured to initiate blocking vehicle-to-vehicle communication to prevent a further spread of the suspect and/or the identified threat;
  
  wherein the detection server uses geographic information system (GIS) for calculating the correlation;
  
  wherein the correlation is indicative of a member selected from a group consisting of;
  
  threat to one or more of the plurality of vehicles, an identified attack originated from the plurality of multiple vehicles, wherein the correlation identifies infection and spread of the identified cyber-attack based on vehicle-to-vehicle communication;
  
  wherein the metadata is associated with at least one of data communicated among the plurality of vehicles and data between one or more of the plurality of vehicles and the infrastructure, the metadata comprises data parameters selected from a group consisting of;
  
  a location of one or more of the plurality of vehicles, geographic information, a vehicle unique identification, an event time, one or more vehicle-to-vehicle communication parameters, one or more vehicle-to-infrastructure communication parameters, one or more vehicle-to-cloud communication parameters, metadata of software applications used in one or more of the plurality of vehicles.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system according to claim 1, wherein the correlation is indicative of a spread of a suspect or an identified attack among multiple embedded software modules from the first and/or second embedded software modules over time and/or location.
  - 3. The system according to claim 1, wherein at least some of the metadata is transmitted to at least one of the plurality of first embedded software modules and/or at least one of the plurality of second embedded software modules.
  - 4. The system according to claim 1, wherein the correlation engine is configured to identify a pattern of an attack spread according to the correlation calculation.
  - 5. The system according to claim 1, wherein one or more of the plurality of first embedded software modules are operable to notify each other based on vehicle-to-vehicle communication of the suspect and/or the identified threat.
  - 6. The system according to claim 1, wherein the detection server identifies a location based on cellular data and the metadata.
  - 7. The system according to claim 1, wherein the detection server uses geographic information for calculating the correlation.
  - 8. The system according to claim 1, wherein the metadata is originated from an infotainment system.
  - 9. The system according to claim 1, wherein at least some of the metadata is originated from sensors of the plurality of vehicles.
  - 10. The system according to claim 1, wherein the metadata is originated from telematics of the plurality of vehicles.
  - 11. The system according to claim 1, wherein the plurality of vehicles travel over air, land or sea.

12. A method for detection of a probability of at least one cyber-attack, the method comprising:
- receiving metadata from a plurality of first embedded software modules each installed within one of a plurality of vehicles and metadata from a plurality of second embedded software modules installed within road infrastructure, wherein the road infrastructure is vehicle traffic related infrastructure and is selected from a group consisting of traffic light infrastructure, stop light infrastructure, railroad crossing infrastructure, and highway interchange infrastructure and in a range of communication with at least one of the first embedded software;
  
  indicating a probability of cyberattacks based on a correlation between the metadata received from one or more of the plurality of first embedded software modules and metadata received from one or more of the plurality of second embedded software modules, wherein the identified probability of a cyber-attack is of a cyber-attack effecting at least one of vehicle functioning, vehicle safety, and integrity of data transmitted from one or more of the plurality of vehicles, and wherein the detection server is configured to initiate blocking vehicle-to-vehicle communication to prevent a further spread of the suspect and/or the identified threat;
  
  wherein geographic information system (GIS) is used for calculating the correlation;
  
  wherein the correlation is indicative of a member selected from a group consisting of;
  
  a threat to one or more of the plurality of vehicles, an identified attack originated from the plurality of multiple vehicles, wherein the correlation identifies infection and spread of the identified cyber-attack based on vehicle-to-vehicle communication;
  
  wherein the metadata is associated with at least one of data communicated among the plurality of vehicles and data between one or more of the plurality of vehicles and the infrastructure, the metadata comprises data parameters selected from a group consisting of;
  
  a location of one or more of the plurality of vehicles, geographic information, a vehicle unique identification, an event time, one or more vehicle-to-vehicle communication parameters, one or more vehicle-to-infrastructure communication parameters, one or more vehicle-to-cloud communication parameters, metadata of software applications used in one or more of the plurality of vehicles.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 13. The method according to claim 12, wherein the correlation is indicative of a spread of a suspect or an identified attack among multiple embedded software modules from the first and/or second embedded software modules over time and/or location.
  - 14. The method according to claim 13, wherein one or more of the first embedded software modules installed within one or more vehicles are operable to notify each other based on vehicle-to-vehicle communication of the suspect and/or the identified threat.
  - 15. The method according to claim 12, wherein at least some of the metadata is transmitted to at least one of the plurality of first embedded software modules and/or at least one of the plurality of second embedded software modules.
  - 16. The method according to claim 12, wherein a server is configured to identify a pattern of an attack spread according to the correlation.
  - 17. The method according to claim 12, wherein the correlation is based on location calculated from cellular data.
  - 18. The method according to claim 12, wherein the correlation is based on geographic information calculated from a third party geographic information system (GIS).
  - 19. The method according to claim 18, wherein the GIS contains city data.
  - 20. The method according to claim 12, wherein the metadata is originated from an infotainment system.
  - 21. The method according to claim 12, wherein the metadata is originated from the vehicles'"'"' sensors.
  - 22. The method according to claim 12, wherein the metadata is originated from the vehicles'"'"' telematics systems.
  - 23. The method according to claim 12, wherein the vehicles travel over air, land or sea.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tower-Sec Ltd.
Original Assignee
Tower-Sec Ltd.
Inventors
Ruvio, Guy, Dickman, Saar, Weisglass, Yuval, Etgar, Yoav
Primary Examiner(s)
Chiang, Jason

Application Number

US15/469,300
Publication Number

US 20170230385A1
Time in Patent Office

1,555 Days
Field of Search

None
US Class Current
CPC Class Codes

B60R 25/30   Detection related to theft ...

G06F 21/552   involving long-term monitor...

G06F 21/554   involving event detection a...

G06F 2221/2113   Multi-level security, e.g. ...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1441   Countermeasures against mal...

H04L 67/12   specially adapted for propr...

H04W 12/12   Detection or prevention of ...

H04W 4/44   for communication between v...

H04W 84/18   Self-organising networks, e...

Vehicle correlation system for cyber attacks detection and method thereof

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

22 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Vehicle correlation system for cyber attacks detection and method thereof

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links