Abstract: A system, non-transitory computer readable medium and method for detecting anomalous activity based on a data distribution is disclosed. The system includes a processor, and a memory coupled to the processor. The memory stores computer executable instructions that, when executed by the processor, cause the processor to obtain a plurality of datapoints defining a data distribution. The processor classifies the plurality of datapoints as isolated or non-isolated datapoints, and clusters at least some of the non-isolated datapoints into at least one mode segment. A reference mode from the at least one mode segment is identified, and at least one outlier being either an isolated or non-isolated datapoint separated from the reference mode by a predetermined number of isolated datapoints representing a flat portion is identified. An action is initiated based on the identified at least one outlier.

Abstract: Method and system for lossless and stateless compression scheme is used with a fixed-length data such as frames. Frames having a payload of M bits length are mapped into a payload of N bits length, where N<M. The N bits payload of each received frame is extracted, and mapped using a memory, PLD, or a processor, to reconstruct the uncompressed M bits payload, and to form the original frame. The reconstruction may use a set of N coefficients that are each multiplied by the corresponding received payload bit, and summarized modulo-2 to obtain the original pre-compressed M payload bits. The method and system may be used with a vehicle bus, such as Controller Area Network (CAN). The compressed frames may use the same or different protocol than the uncompressed ones, and may further carry an additional code such as metadata, error detection or correction code, or authentication related code.

Abstract: Method and system for lossless and stateless compression scheme is used with a fixed-length data such as frames. Frames having a payload of M bits length are mapped into a payload of N bits length, where N<M. The N bits payload of each received frame is extracted, and mapped using a memory, PLD, or a processor, to reconstruct the uncompressed M bits payload, and to form the original frame. The reconstruction may use a set of N coefficients that are each multiplied by the corresponding received payload bit, and summarized modulo-2 to obtain the original pre-compressed M payload bits. The method and system may be used with a vehicle bus, such as Controller Area Network (CAN). The compressed frames may use the same or different protocol than the uncompressed ones, and may further carry an additional code such as metadata, error detection or correction code, or authentication related code.

Abstract: Method and system for lossless and stateless compression scheme is used with a fixed-length data such as frames. Frames having a payload of M bits length are mapped into a payload of N bits length, where N<M. The N bits payload of each received frame is extracted, and mapped using a memory, PLD, or a processor, to reconstruct the uncompressed M bits payload, and to form the original frame. The reconstruction may use a set of N coefficients that are each multiplied by the corresponding received payload bit, and summarized modulo-2 to obtain the original pre-compressed M payload bits. The method and system may be used with a vehicle bus, such as Controller Area Network (CAN). The compressed frames may use the same or different protocol than the uncompressed ones, and may further carry an additional code such as metadata, error detection or correction code, or authentication related code.

Abstract: Method and system for lossless and stateless compression scheme is used with a fixed-length data such as frames. Frames having a payload of M bits length are mapped into a payload of N bits length, where N<M. The N bits payload of each received frame is extracted, and mapped using a memory, PLD, or a processor, to reconstruct the uncompressed M bits payload, and to form the original frame. The reconstruction may use a set of N coefficients that are each multiplied by the corresponding received payload bit, and summarized modulo-2 to obtain the original pre-compressed M payload bits. The method and system may be used with a vehicle bus, such as Controller Area Network (CAN). The compressed frames may use the same or different protocol than the uncompressed ones, and may further carry an additional code such as metadata, error detection or correction code, or authentication related code.

Abstract: A protected network connected to an external network is protected by analyzing messages received from the external network or from devices connected to the network that may be substituted, compromised, or otherwise malware infected. An analyzer functionality for detecting the malware in the received messages is located separately from the physical connection to the external network. The received messages are re-directed via a tunnel to the analyzer functionality for malware detection, and the tunnel may be Layer-2, Layer-3, or Software Defined Network (SDN) based tunnel. In case of no malware detection, the messages are directed to the original destination. In case of malware detection, various actions are taken. The network may be a wired network, such as an automotive network, PAN, LAN, MAN, or WAN, and may be configured as point-to-point or multi-point topology. The external network may be a wireless network or a public network such as the Internet.