Abstract: A reference message determining method is used in unauthorized communication detection in an onboard network system that is executed by an information processing system including at least one memory. The onboard network system including a network and one or more electronic control units connected to the network. The method includes executing unauthorized activity detection for determining whether or not a message received from the network is an attack message. A message that could not be determined to be unauthorized is regarded as a gray message. The method also includes determining whether or not the gray message is unauthorized again at a predetermined timing. In a case where the gray message is determined to be an attack message in the unauthorized-activity-detection executing operation, a communication pattern is identified based on information relating to the gray message and information relating to the plurality of the received messages previously determined as unauthorized.

Abstract: An unauthorized activity detection method in an onboard network system. The detection method includes determining whether or not a message sent out onto the network is an attack message, saving information relating to the attack message in at least one memory in a case where the message is an attack message, identifying a communication pattern from information relating to the attack message, and determining whether or not the message matches a communication pattern. The determination of whether an attack message and determination of whether matching a communication pattern are executed on each of a plurality of messages received from the network. In the determining of whether an attack message executed on a message received after executing of determining of whether matching a communication pattern, results of the determination of whether an attack message that has already be executed are used.

Abstract: A method, system, and medium used in unauthorized communication detection in an onboard network system having electronic control units connected to a network include: identifying, from information relating to an attack message on the onboard network system, a communication pattern indicating features of the attack message; determining whether a candidate reference message matches the communication pattern; and determining a reference message used as a reference in determining whether or not a message sent out onto the network is an attack message, using results of the determining of whether or not the candidate reference message matches the communication pattern identified in the identifying operation.

Abstract: An unauthorized activity detection method in an onboard network system. The detection method includes determining whether or not a message sent out onto the network is an attack message, saving information relating to the attack message in at least one memory in a case where the message is an attack message, identifying a communication pattern from information relating to the attack message, and determining whether or not the message matches a communication pattern. The determination of whether an attack message and determination of whether matching a communication pattern are executed on each of a plurality of messages received from the network. In the determining of whether an attack message executed on a message received after executing of determining of whether matching a communication pattern, results of the determination of whether an attack message that has already be executed are used.

Abstract: A selection method is for selecting a reference message to be used to detect unauthorized communication in an in-vehicle network system including a network and one or more electronic control units connected to the network. The reference message is used as a reference for determining whether a message sent to the network is anomalous. The selection method includes: storing candidate information regarding one or more reference message candidates each being a candidate of the reference message; selecting, based on the candidate information regarding the one or more reference message candidates stored in the storing, the selection method for selecting the reference message from among the one or more reference message candidates; and selecting the reference message from among the one or more reference message candidates using the selection method.

Abstract: An unauthorized activity detection method in an onboard network system. The detection method includes determining whether or not a message sent out onto the network is an attack message, saving information relating to the attack message in at least one memory in a case where the message is an attack message, identifying a communication pattern from information relating to the attack message, and determining whether or not the message matches a communication pattern. The determination of whether an attack message and determination of whether matching a communication pattern are executed on each of a plurality of messages received from the network. In the determining of whether an attack message executed on a message received after executing of determining of whether matching a communication pattern, results of the determination of whether an attack message that has already be executed are used.

Abstract: An unauthorized activity detection method in an onboard network system. The detection method includes determining whether or not a message sent out onto the network is an attack message, saving information relating to the attack message in at least one memory in a case where the message is an attack message, identifying a communication pattern from information relating to the attack message, and determining whether or not the message matches a communication pattern. The determination of whether an attack message and determination of whether matching a communication pattern are executed on each of a plurality of messages received from the network. In the determining of whether an attack message executed on a message received after executing of determining of whether matching a communication pattern, results of the determination of whether an attack message that has already be executed are used.

Abstract: An unauthorized activity detection method in an onboard network system. The detection method includes determining whether or not a message sent out onto the network is an attack message, saving information relating to the attack message in at least one memory in a case where the message is an attack message, identifying a communication pattern from information relating to the attack message, and determining whether or not the message matches a communication pattern. The determination of whether an attack message and determination of whether matching a communication pattern are executed on each of a plurality of messages received from the network. In the determining of whether an attack message executed on a message received after executing of determining of whether matching a communication pattern, results of the determination of whether an attack message that has already be executed are used.

Abstract: A method, system, and medium used in unauthorized communication detection in an onboard network system having electronic control units connected to a network include: identifying, from information relating to an attack message on the onboard network system, a communication pattern indicating features of the attack message; determining whether a candidate reference message matches the communication pattern; and determining a reference message used as a reference in determining whether or not a message sent out onto the network is an attack message, using results of the determining of whether or not the candidate reference message matches the communication pattern identified in the identifying operation.

Abstract: A reference message deciding method used in unauthorized communication detection. The deciding method includes: identifying, from information relating to an attack message on the onboard network system, a communication pattern indicating features related to change in data values or communication timing of an attack message; determining whether or not a message sent out onto the network matches a communication pattern identified in the identifying; and deciding a reference message used in determining whether or not the message sent out is an attack message, using determination results of the determining.

Abstract: A fraud detection method includes: determining whether a period of a message repeatedly transmitted in an in-vehicle network is anomalous; detecting whether arbitration occurs when the message is transmitted in the in-vehicle network; and determining that the message is an anomalous message, in the case where the period of the message is anomalous and no arbitration occurs when the message is transmitted in the in-vehicle network.

Abstract: A reference message deciding method used in unauthorized communication detection. The deciding method includes: identifying, from information relating to an attack message on the onboard network system, a communication pattern indicating features related to change in data values or communication timing of an attack message; determining whether or not a message sent out onto the network matches a communication pattern identified in the identifying; and deciding a reference message used in determining whether or not the message sent out is an attack message, using determination results of the determining.

Abstract: An unauthorized activity detection method in an onboard network system. The detection method includes determining whether or not a message sent out onto the network is an attack message, saving information relating to the attack message in at least one memory in a case where the message is an attack message, identifying a communication pattern from information relating to the attack message, and determining whether or not the message matches a communication pattern. The determination of whether an attack message and determination of whether matching a communication pattern are executed on each of a plurality of messages received from the network. In the determining of whether an attack message executed on a message received after executing of determining of whether matching a communication pattern, results of the determination of whether an attack message that has already be executed are used.

Abstract: For address management of a nonvolatile memory, the whole logical address space is divided into logical address ranges (0 to 15), and the physical address space is divided into physical areas (segments (0 to 15)). The logical address ranges are respectively associated with the physical areas (segments) to manage the addresses. The sizes of the logical address ranges are equalized. The size of the physical area (segment (0)) corresponding to the logical address range (0) in which data of high rewrite frequency such as an FAT is expected to be stored is larger than those of the other physical areas, and the logical address ranges and the physical areas are allocated. Alternatively, the sizes of the physical areas are equalized, and the size of the logical address range (0) is set as a smaller one than those of the other logical address ranges. With this, the actual rewrite frequencies of the physical areas (segments) are equal to one another, and consequently the life of the nonvolatile memory can be prolonged.

Abstract: A memory controller for reducing a time to create an address management table during initialization of a memory card. The memory controller includes a read-write memory for temporarily storing the address management table and a second memory controller for writing, in a nonvolatile memory, an address management table temporarily stored in the read-write memory. The second memory controller also writes address range specifying information that specifies an address range, when a data writing destination is changed from a first address range to a second address range. The memory controller includes an address management table generator for reading distributed management information used for managing a state of at least one physical block included in the destination address range specified by the address range specifying information during initialization, and to generate the address management table based on the distributed management information.

Abstract: A host controller can divide a preliminary process for writing to a memory card, or the like, into a plurality of unit processes for execution. While writing or the like is being performed with respect to a memory card (card 1), a new-card preliminary division process of performing one unit process of the preliminary process with respect to a new memory card (card 2) is repeatedly executed. Thereby, the interrupt time of writing or the like due to the preliminary process of the card 2 is divided and distributed, so that each interrupt time division of writing or the like can be reduced.

Abstract: A host controller can divide a preliminary process for writing to a memory card, or the like, into a plurality of unit processes for execution. While writing or the like is being performed with respect to a memory card (card 1), a new-card preliminary division process of performing one unit process of the preliminary process with respect to a new memory card (card 2) is repeatedly executed. Thereby, the interrupt time of writing or the like due to the preliminary process of the card 2 is divided and distributed, so that each interrupt time division of writing or the like can be reduced.

Abstract: For address management of a nonvolatile memory, the whole logical address space is divided into logical address ranges (0 to 15), and the physical address space is divided into physical areas (segments (0 to 15)). The logical address ranges are respectively associated with the physical areas (segments) to manage the addresses. The sizes of the logical address ranges are equalized. The size of the physical area (segment (0)) corresponding to the logical address range (0) in which data of high rewrite frequency such as an FAT is expected to be stored is larger than those of the other physical areas, and the logical address ranges and the physical areas are allocated. Alternatively, the sizes of the physical areas are equalized, and the size of the logical address range (0) is set as a smaller one than those of the other logical address ranges. With this, the actual rewrite frequencies of the physical areas (segments) are equal to one another, and consequently the life of the nonvolatile memory can be prolonged.

Abstract: The invention presents a memory controller capable of shortening the creation time of address management table at the time of initialization of memory card, while avoiding decline of access speed due to process of writing back the address management table in normal operation.