Abstract: A multiple vehicle cyber-attack detection system including a vehicle operations center coupled to and monitoring vehicles, where each operations center includes a cyber-attack alert module. A vehicle cyber-attack detection system is in communication with each operations center and includes a first tier security module coupled to an onboard system of each vehicle and receives system log data generated by the onboard system. The first tier security module extracts extracted features from a time series of overlapping windowed system log data generated from the system log data with natural language processing and includes a first cyber-attack anomaly detection module that identifies a first cyber-attack based on system entropy measurements. A second cyber-attack anomaly detection module includes a deep learning component that identifies a second cyber-attack based on classification of the extracted features.

Abstract: A multiple vehicle cyber-attack detection system including a vehicle operations center coupled to and monitoring vehicles, where each operations center includes a cyber-attack alert module. A vehicle cyber-attack detection system is in communication with each operations center and includes a first tier security module coupled to an onboard system of each vehicle and receives system log data generated by the onboard system. The first tier security module extracts extracted features from a time series of overlapping windowed system log data generated from the system log data with natural language processing and includes a first cyber-attack anomaly detection module that identifies a first cyber-attack based on system entropy measurements. A second cyber-attack anomaly detection module includes a deep learning component that identifies a second cyber-attack based on classification of the extracted features.

Abstract: A vehicle cyber-attack detection system includes at least one first tier security module coupled to at least one onboard system of a respective vehicle and being configured so as to receive system log data generated by the at least one onboard system of the respective vehicle. The first tier security module extracts extracted features from the system log data with natural language processing and includes a first cyber-attack anomaly detection module that identifies a first cyber-attack based on system entropy measurements determined from the extracted features, and a second cyber-attack anomaly detection module that includes a deep learning component that identifies a second cyber-attack based on classification of the extracted features. A cyber-attack alert module is coupled to the first tier security module for generating a notification of one or more of the first cyber-attack and the second cyber-attack to effect cyber-attack diagnostics and remediation by vehicle personnel.

Abstract: A vehicle cyber-attack detection system includes at least one first tier security module coupled to at least one onboard system of a respective vehicle and being configured so as to receive system log data generated by the at least one onboard system of the respective vehicle. The first tier security module extracts extracted features from the system log data with natural language processing and includes a first cyber-attack anomaly detection module that identifies a first cyber-attack based on system entropy measurements determined from the extracted features, and a second cyber-attack anomaly detection module that includes a deep learning component that identifies a second cyber-attack based on classification of the extracted features. A cyber-attack alert module is coupled to the first tier security module for generating a notification of one or more of the first cyber-attack and the second cyber-attack to effect cyber-attack diagnostics and remediation by vehicle personnel.