Abstract: A device and method for analyzing service-oriented communication in a communications network. A data packet includes a header for service-oriented communication. It is analyzed for the data packet depending on information about at least two data fields of the header whether or not the data packet meets a criterion, the criterion defining a setpoint value for values from the at least two data fields permitted in the communications network or a combination of information from the at least two data fields permitted in the communications network.

Abstract: Device and method for intrusion detection in a computer network. A data packet is received at an input of a hardware switch unit, an actual value from a field of the data packet being compared in a comparison by a hardware filter with a setpoint value for values from the field, the field including data link layer data or network layer data, a value for a counter determined as a function of a result of the comparison being provided by the hardware switch unit, and a computing device determining a result of the intrusion detection as a function of the value of the counter in the hardware switch unit and independently of information from the data packet, in particular, without an evaluation of information from the data packet by the computing device.

Abstract: A device and a method for anomaly detection in a communications network, at least two messages at a port of the communications network being observed, a property of a communication behavior of a network user being determined as a function of the at least two messages, a deviation of the property from an expected property being determined, and the presence of an anomaly being detected when the deviation differs from an allowable deviation. The expected property defines a communication behavior of the at least one network user as a function of an in particular static network architecture of the communications network.

Abstract: A device for processing data, including at least two data interfaces, a first data interface of the at least two data interfaces being designed to at least temporarily exchange first data with at least one first external unit according to a first communication protocol, in particular CAN and/or FlexRay and/or LIN and/or MOST and/or Ethernet, a second data interface of the at least two data interfaces being designed to at least temporarily exchange data with a second external unit and/or the first external unit according to a second communication protocol, which is different than the first communication protocol, the device including a security unit, which is designed to at least temporarily carry out at least one security function with regard to at least one of the at least two data interfaces.

Abstract: Device and method for intrusion detection in a computer network. A data packet is received at an input of a hardware switch unit, an output of the hardware switch unit being selected for sending the data packet or a copy as a function of data link layer information from the data packet and of a hardware address from a memory of the hardware switch unit. An actual value from a field of the data packet is compared by a hardware filter with a setpoint value for values from this field, the field including data link layer data or network layer data, and the data packet or a copy of the data packet being provided to a computing device as a function of a result of the comparison. The analysis for detecting an intrusion pattern in a network traffic in the computer network id carried out by the computing device.

Abstract: A device and a method for analyzing service-oriented communication in a communications network. A data packet includes a first header of an application layer for service-oriented communication, and a second header of a presentation layer, a session layer, a transport layer, a network layer, a data link layer, or a physical layer. The data packet is analyzed based on information concerning a sender and/or receiver of the data packet from the first header and as a function of information concerning a sender and/or receiver from the second header, for whether or not the data packet meets a criterion, the criterion defining a setpoint value for the sender and/or receiver in the first header as a function of the content of the second header, and/or the criterion defining a setpoint value for the sender and/or receiver in the second header as a function of the content of the first header.

Abstract: A device and method for intrusion detection in a computer network. A data packet is received at an input of a hardware switch unit, an output of the hardware switch unit is selected for sending the data packet or a copy as a function of security layer information from the data packet and of a hardware address, context information for the data packet being determined, an actual value from a field being compared in a comparison by a hardware filter with a setpoint value for values from this field, the field including security layer data or mediation layer data, and an interrupt for a computing device being triggered as a function of a result of the comparison, an analysis for detecting an intrusion pattern in a network traffic in the computer network, triggered by the interrupt, being carried out as a function of the context information for the data packet.

Abstract: A computer-implemented method for processing data associated with a first network element. The method includes: ascertaining a subset of a data traffic associated with the network element, and evaluating the subset.

Abstract: In a method and a device for detecting anomalies in data in data traffic across a communication network in a vehicle, the device encompasses a plurality of hardware interfaces and a monolithic coupling element designed for transmitting data arriving at one of the hardware interfaces in a data packet via at least one of the hardware interfaces and analyzing the data packet or a copy of the data packet for a detection of anomalies in the data of the communication network or of a subsystem of the communication network connected to one of the hardware interfaces.

Abstract: A device and method for handling an anomaly in a communication network of a motor vehicle includes at least one detector analyzing a data stream in the communication network, recognizing at least one anomaly using a rule-based anomaly recognition method if at least one parameter for a data packet of the data stream deviates from a target value, and sending information about the at least one recognized anomaly via the communication network.

Abstract: A method for detecting anomalies in a computer network, in which a message transmitted over the computer network is received or recorded by a node of the computer network; based on at least the message, it is checked by a detection mechanism of the node whether the anomalies have occurred, and an occurrence of the anomalies is either confirmed or refuted according to a predefined detection rule of the detection mechanism.

Abstract: A device for processing data, including at least two data interfaces, a first data interface of the at least two data interfaces being designed to at least temporarily exchange first data with at least one first external unit according to a first communication protocol, in particular CAN and/or FlexRay and/or LIN and/or MOST and/or Ethernet, a second data interface of the at least two data interfaces being designed to at least temporarily exchange data with a second external unit and/or the first external unit according to a second communication protocol, which is different than the first communication protocol, the device including a security unit, which is designed to at least temporarily carry out at least one security function with regard to at least one of the at least two data interfaces.

Abstract: A device and a method for anomaly detection in a communications network, at least two messages at a port of the communications network being observed, a property of a communication behavior of a network user being determined as a function of the at least two messages, a deviation of the property from an expected property being determined, and the presence of an anomaly being detected when the deviation differs from an allowable deviation. The expected property defines a communication behavior of the at least one network user as a function of an in particular static network architecture of the communications network.

Abstract: A device and method for analyzing service-oriented communication in a communications network. A data packet includes a header for service-oriented communication. It is analyzed for the data packet depending on information about at least two data fields of the header whether or not the data packet meets a criterion, the criterion defining a setpoint value for values from the at least two data fields permitted in the communications network or a combination of information from the at least two data fields permitted in the communications network.

Abstract: A device and a method for analyzing service-oriented communication in a communications network. A data packet includes a first header of an application layer for service-oriented communication, and a second header of a presentation layer, a session layer, a transport layer, a network layer, a data link layer, or a physical layer. The data packet is analyzed based on information concerning a sender and/or receiver of the data packet from the first header and as a function of information concerning a sender and/or receiver from the second header, for whether or not the data packet meets a criterion, the criterion defining a setpoint value for the sender and/or receiver in the first header as a function of the content of the second header, and/or the criterion defining a setpoint value for the sender and/or receiver in the second header as a function of the content of the first header.

Abstract: A device and method for intrusion detection in a computer network. A data packet is received at an input of a hardware switch unit, an output of the hardware switch unit is selected for sending the data packet or a copy as a function of security layer information from the data packet and of a hardware address, context information for the data packet being determined, an actual value from a field being compared in a comparison by a hardware filter with a setpoint value for values from this field, the field including security layer data or mediation layer data, and an interrupt for a computing device being triggered as a function of a result of the comparison, an analysis for detecting an intrusion pattern in a network traffic in the computer network, triggered by the interrupt, being carried out as a function of the context information for the data packet.

Abstract: Device and method for intrusion detection in a computer network. A data packet is received at an input of a hardware switch unit, an actual value from a field of the data packet being compared in a comparison by a hardware filter with a setpoint value for values from the field, the field including data link layer data or network layer data, a value for a counter determined as a function of a result of the comparison being provided by the hardware switch unit, and a computing device determining a result of the intrusion detection as a function of the value of the counter in the hardware switch unit and independently of information from the data packet, in particular, without an evaluation of information from the data packet by the computing device.

Abstract: Device and method for intrusion detection in a computer network. A data packet is received at an input of a hardware switch unit, an output of the hardware switch unit being selected for sending the data packet or a copy as a function of data link layer information from the data packet and of a hardware address from a memory of the hardware switch unit. An actual value from a field of the data packet is compared by a hardware filter with a setpoint value for values from this field, the field including data link layer data or network layer data, and the data packet or a copy of the data packet being provided to a computing device as a function of a result of the comparison. The analysis for detecting an intrusion pattern in a network traffic in the computer network id carried out by the computing device.

Abstract: A method and a device for anomaly detection, the device including at least one port and a processing unit. The at least one port is designed to process, in particular to send or to receive, a data packet. The processing unit is designed to check, as a function of a first piece of information concerning the physical port at which the data packet is processed, and as a function of a second piece of information from at least one protocol header of the data packet, whether or not the data packet to be processed, including this second piece of information, is allowed to be processed at this physical port. An anomaly is detected when it is determined that the data packet is not allowed to be processed at the physical port.

Abstract: In a method and a device for detecting anomalies in data in data traffic across a communication network in a vehicle, the device encompasses a plurality of hardware interfaces and a monolithic coupling element designed for transmitting data arriving at one of the hardware interfaces in a data packet via at least one of the hardware interfaces and analyzing the data packet or a copy of the data packet for a detection of anomalies in the data of the communication network or of a subsystem of the communication network connected to one of the hardware interfaces.