CENTRALIZED CONTROLLER MANAGEMENT AND ANOMALY DETECTION
First Claim
1. A system for providing security on externally connected electronic control units (ECUs) of automobiles, the system comprising:
- a processor and computer-readable memory, the computer-readable memory comprising instructions that, when executed by the processor, cause the processor to perform operations comprising;
receiving, at a server system, operation information for a plurality of instances of a ECU, the plurality of instances being installed across a plurality of devices, the operation information comprises malware reports that identify malware on the plurality of instances of the ECU;
statistically analyzing, by the server system, the operation information;
identifying, by the server system, one or more anomalous ECU behaviors based on the statistical analysis; and
providing, by the server system, information regarding the one or more anomalous ECU behaviors on the ECU as potential security threats.
2 Assignments
0 Petitions
Accused Products
Abstract
In one implementation, a method for providing security on externally connected controllers includes receiving, at a server system, operation information for a plurality of instances of a controller, the plurality of instances being installed across a plurality of devices; statistically analyzing, by the server system, the operation information; identifying, by the server system, one or more anomalous controller behaviors based on the statistical analysis; and providing, by the server system, information regarding the one or more anomalous controller behaviors on the controller as potential security threats.
16 Citations
25 Claims
-
1. A system for providing security on externally connected electronic control units (ECUs) of automobiles, the system comprising:
-
a processor and computer-readable memory, the computer-readable memory comprising instructions that, when executed by the processor, cause the processor to perform operations comprising; receiving, at a server system, operation information for a plurality of instances of a ECU, the plurality of instances being installed across a plurality of devices, the operation information comprises malware reports that identify malware on the plurality of instances of the ECU; statistically analyzing, by the server system, the operation information; identifying, by the server system, one or more anomalous ECU behaviors based on the statistical analysis; and providing, by the server system, information regarding the one or more anomalous ECU behaviors on the ECU as potential security threats. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method for providing security on externally connected electronic control units (ECUs) of automobiles, the method comprising:
-
receiving, at a server system, operation information for a plurality of instances of a ECU, the plurality of instances being installed across a plurality of devices, the operation information comprises malware reports that identify malware on the plurality of instances of the ECU; statistically analyzing, by the server system, the operation information; identifying, by the server system, one or more anomalous ECU behaviors based on the statistical analysis; and providing, by the server system, information regarding the one or more anomalous ECU behaviors on the ECU as potential security threats. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. A method for providing security on externally connected ECUs of automobiles, the method comprising:
-
receiving, at a server system, real-time information identifying malware blocked by a security middleware layer running on a ECU that is part of a device; aggregating, by the server system, the real-time information with real-time information from other ECUs; determining, by the server system, aggregate information related to the blocked malware on the ECU; generating, by the server system, a report that includes information identifying the blocked malware on the ECU and the aggregate information; and transmitting, by the server system and in real-time, the report to a client computing device for a user who is associated with the ECU. - View Dependent Claims (22, 23, 24, 25)
-
Specification