Abstract: A threat information analysis server includes: an update manager that manages update information indicating that function addition to an IoT device is performed; a threat information manager that stores threat information of a cyberattack; a risk level manager that manages risk level information defining a risk level of the IoT device; a related threat information manager that manages the threat information and related threat information associating the IoT device with the risk level; a risk level updater that associates the threat information and the risk level of the IoT device with each other and updates the related threat information, based on the update information; and an outputter that outputs the related threat information managed by the related threat information manager.

Abstract: An active carbon molded body that comprises a plurality of active carbon granules that are formed from aggregates of active carbon particles. The active carbon granules include a fibrous granulation binder. The active carbon molded body is formed as a result of the plurality of active carbon granules being aggregated by means of the fibrous granulation binder in the active carbon granules. The present invention is also an active carbon molded body production method in which active carbon granules that have been formed by aggregating active carbon particles by means of a fibrous binder are molded by simultaneous application of heat and pressure without separate addition of a molding binder. The present invention thereby provides: an active carbon molded body that has high purification capacity and good production efficiency; and a production method for the active carbon molded body.

Abstract: A threat information analysis server includes: an update manager that manages update information indicating that function addition to an IoT device is performed; a threat information manager that stores threat information of a cyberattack; a risk level manager that manages risk level information defining a risk level of the IoT device; a related threat information manager that manages the threat information and related threat information associating the IoT device with the risk level; a risk level updater that associates the threat information and the risk level of the IoT device with each other and updates the related threat information, based on the update information; and an outputter that outputs the related threat information managed by the related threat information manager.

Abstract: An information processing apparatus connected to one or more vehicles and a threat information server storing pieces of threat information. The information processing apparatus includes: a processor; and a memory including at least one set of instructions that, when executed by the processor, causes the processor to perform: obtaining a detection result of an attack on one of the vehicles; (a) determining whether the attack is included in any one of the pieces of threat information; (b) when the attack is included therein, determining whether the resolution state to the attack included in the one of the pieces of threat information indicates that the attack has not been resolved or has been resolved; (c) deciding a processing priority level of the attack, based on a determination result in (a) and a determination result in (b); and (d) outputting the processing priority level decided.

Abstract: An anomaly detection method for detecting an anomaly in an in-vehicle network of an in-vehicle network system including a plurality of electronic control units that transmit and receive messages via the network includes: generating image data of a reception interval between a plurality of messages included in a message sequence in a predetermined period out of a message sequence received from the in-vehicle network, or image data of a transition of a sensor value of the plurality of messages; classifying the image data using a trained CNN according to whether an attack message has been inserted in the predetermined period; and when the attack message has been inserted in the predetermined period, outputting a detection result indicating that an insertion attack which is an insertion of the attack message has been made in the predetermined period.

Abstract: An attack analysis device includes: an obtainer that obtains in-vehicle network information indicating a configuration of an in-vehicle network including a plurality of external communication interfaces and a plurality of control Electronic Control Units (ECUs), and anomaly detection information indicating a result of detecting an anomaly in at least one node in the in-vehicle network; an attack path estimator that, based on the in-vehicle network information and the anomaly detection information, estimates an attack path in an attack on the in-vehicle network, the attack path including an entry point indicating an external communication interface that is a point of intrusion into the in-vehicle network in the attack and an attack target indicating a control ECU that is a target of the attack; and an outputter that outputs the attack path.

Abstract: An anomaly detection device includes: an obtainer that obtains vehicle information related to the status of a vehicle and including location data indicating the location of the vehicle; a model storage that stores, for each of a plurality of cells of a grid imposed on a map, an evaluation model for evaluating the vehicle information of the vehicle located at the cell; and a determiner that calculates, based on the vehicle information and evaluation models each being the evaluation model and corresponding to evaluation cells including a first cell including the location of the vehicle indicated in the location data and one or more second cells each having a predetermined positional relationship with the first cell, an anomaly level indicating a degree of anomaly of the vehicle information, determines, based on the anomaly level, whether the vehicle information is anomalous, and outputs a determination result.

Abstract: A threat information analysis server includes: an update manager that manages update information indicating that function addition to an IoT device is performed; a threat information manager that stores threat information of a cyberattack; a risk level manager that manages risk level information defining a risk level of the IoT device; a related threat information manager that manages the threat information and related threat information associating the IoT device with the risk level; a risk level updater that associates the threat information and the risk level of the IoT device with each other and updates the related threat information, based on the update information; and an outputter that outputs the related threat information managed by the related threat information manager.

Abstract: An information processing apparatus connected to one or more vehicles and a threat information server storing pieces of threat information. The information processing apparatus includes: a processor; and a memory including at least one set of instructions that, when executed by the processor, causes the processor to perform: obtaining a detection result of an attack on one of the vehicles; (a) determining whether the attack is included in any one of the pieces of threat information; (b) when the attack is included therein, determining whether the resolution state to the attack included in the one of the pieces of threat information indicates that the attack has not been resolved or has been resolved; (c) deciding a processing priority level of the attack, based on a determination result in (a) and a determination result in (b); and (d) outputting the processing priority level decided.