SYSTEM AND METHOD FOR TIME BASED ANOMALY DETECTION IN AN IN-VEHICLE COMMUNICATION NETWORK
Abstract
A system and method for providing security to a network may include maintaining, by a processor, a model of an expected behavior of data communications over the in-vehicle communication network; receiving, by the processor, a message sent over the network; determining, by the processor, based on the model and based on a timing attribute of the message, whether or not the message complies with the model; and if the message does not comply with the model then performing, by the processor, at least one action related to the message.
20 Claims
1. A system including a non-transitory computer readable medium including instructions that, when executed by at least one processor, cause the at least one processor to perform timing-based cyber-security operations, the operations including:
- maintaining a timing model of an expected behavior of data communications over an in-vehicle communication network;
- receiving a plurality of messages communicated over the network;
- determining, based on the timing model and based on timing attributes of the plurality of messages, whether or not at least one of the messages complies with the timing model; and
- if at least one message does not comply with the timing model then performing, by the processor, at least one action related to the message.

Dependent claims: 2, 3, 4, 5, 6, 8, 9, 10, 11, 12, 13
7. The system of claim 1, wherein the processor is further configured to:
- determine a context related to at least one of: the vehicle, the network, and a node connected to the network; and
- determine whether or not a message is related to an anomaly based on the context.
14. A method comprising:
- maintaining, by a processor, a timing model of an expected behavior of data communications over the in-vehicle communication network;
- receiving, by the processor, a plurality of messages sent over the network;
- determining, by the processor, based on the timing model and based on timing attributes of the plurality of messages, whether or not at least one of the messages complies with the timing model; and
- if the message does not comply with the timing model then performing, by the processor, at least one action related to the message.

Dependent claims: 15, 16, 17, 18, 19
20. A method for enforcing security in a communication network, the method comprising:
- maintaining, by a processor, a timing model related to messages communicated on the network;
- receiving a first message and a second message communicated on the network;
- determining, based on the timing model and based on a time interval between the first and second messages, whether or not at least one of the first and second messages is related to an anomaly; and
- if at least one of the first and second messages is related to an anomaly then performing at least one action related to the messages.
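The interval check described in the abstract and in claim 20, sketched as an added example that is not code from the patent or its applicant. It assumes the timing model is an expected period and tolerance per message ID; the IDs, periods, tolerances and capture are constructed, and the "action" taken is recording an alert.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Timing:
    period_ms: float     # expected interval between consecutive messages (assumed)
    tolerance_ms: float  # allowed deviation before a message is non-compliant (assumed)

# Hypothetical timing model keyed by message ID; values are constructed.
TIMING_MODEL = {0x101: Timing(10.0, 2.0), 0x2A0: Timing(100.0, 10.0)}

# Constructed capture of (timestamp_ms, msg_id); the 23.0 ms frame is an extra
# 0x101 message, and 0x2A0 goes silent for longer than its period allows.
CAPTURE = [
    (0.0, 0x101), (5.0, 0x2A0), (10.1, 0x101), (20.0, 0x101), (23.0, 0x101),
    (30.2, 0x101), (40.1, 0x101), (105.0, 0x2A0), (250.0, 0x2A0),
]

def check_messages(messages, model=TIMING_MODEL):
    """Return (msg_id, first_ts, second_ts, reason) for each non-compliant pair.

    Each alert names both messages of the pair, because the interval alone
    cannot say which of the two is the anomalous one.
    """
    last_seen = {}
    alerts = []
    for ts, msg_id in messages:
        timing = model.get(msg_id)
        if timing is None:
            continue  # no timing expectation for this ID in the model
        prev = last_seen.get(msg_id)
        last_seen[msg_id] = ts
        if prev is None:
            continue  # first sighting: no interval to evaluate yet
        interval = ts - prev
        if interval < timing.period_ms - timing.tolerance_ms:
            alerts.append((msg_id, prev, ts, "interval-too-short"))
        elif interval > timing.period_ms + timing.tolerance_ms:
            alerts.append((msg_id, prev, ts, "interval-too-long"))
    return alerts

if __name__ == "__main__":
    for msg_id, first, second, reason in check_messages(CAPTURE):
        print(f"id=0x{msg_id:03X} {first:.1f}ms -> {second:.1f}ms {reason}")
```

The extra frame produces two short-interval alerts, one for the pair ending at the extra frame and one for the legitimate frame that follows it.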
Specification