Abstract: A fraud sensing method for use in an in-vehicle network system including a plurality of electronic control units that communicate with each other via a bus includes detecting that a state of a vehicle satisfies a predetermined condition, and switching, upon detecting that the state of the vehicle satisfies the predetermined condition, an operation mode of a fraud-sensing electronic control unit connected to the bus between a first mode in which a first type of sensing process for sensing a fraudulent message in the bus is performed and a second mode in which the first type of sensing process is not performed.

Abstract: A fraud detection method for use in an in-vehicle network system including a plurality of electronic control units that communicate with one another via a bus in accordance with Controller Area Network (CAN) protocol is provided. The method includes receiving at least one data frame sent to the bus, verifying a specific identifier in the received data frame only if the received data frame does not follow a predetermined rule regarding a transmission period and a state of a vehicle having the in-vehicle network system mounted therein is a predetermined state, detecting the received data frame as an authenticated data frame if the verification is successful, and detecting the received data frame as a fraudulent data frame if the verification fails.

Abstract: An anti-fraud method for use in an in-vehicle network system including a plurality of electronic control units that exchange, in an in-vehicle network, data frames, each having added thereto a message authentication code (MAC). The method includes generating a first MAC by using a MAC key and a value of a counter that counts a number of times a data frame having added thereto a MAC is transmitted to the in-vehicle network. The method also includes performing verification that the data frame received has added thereto the generated first MAC and incrementing a number of error occurrences when the verification has failed for the data frame, the data frame including a predetermined ID. When the number of error occurrences exceeds a predetermined threshold, a process associated in advance with the predetermined ID is executed.

Abstract: An abnormality detection method is provided. The abnormality detection method is for detecting an abnormality that may be transmitted to a bus in an on-board network system. The on-board network system includes a plurality of electronic controllers that transmit and receive messages via the bus in a vehicle according to a CAN protocol. In the abnormality detection method, for example, a gateway transmits vehicle identification information to a server and receives a response determining a unit time. An operation process is performed using feature information based on a number of messages received from the bus per the determined unit time and using a model indicating a criterion in terms of a message occurrence frequency. A judgment is made as to an abnormality according to a result of the operation process.

Abstract: A communication unit receives a message in a network. A first anomaly detector detects an anomalous message by detecting values of a plurality of monitoring items from the message received by the communication unit and determining whether each of the detected values of the plurality of monitoring items is inside a corresponding first reference range and a corresponding second reference range. The second reference range is narrower than the first reference range. The first anomaly detector detects the message as the anomalous message, when any of the detected values is outside the first reference range, and detects the message as the anomalous message, when any of the detected values is inside the first reference range and is outside the second reference range and when a predetermined rule is satisfied.

Abstract: An unauthorized control suppression method for use in a network system is provided. The network system includes a plurality of electronic controllers that exchange, via a communication channel, a plurality of frames The plurality of frames includes at least one control frame that instructs predetermined control to an object of control. The method receives, sequentially, the plurality of frames from the communication channel, and determines whether the predetermined control, instructed by the control frame received in the receiving, is to be suppressed, based on a set of frames received in the receiving. The set of frames is received in the receiving within a predetermined period preceding a time of reception of the control frame.

Abstract: An unauthorized activity detection method is provided in an onboard network system having multiple electronic units (ECU) that perform communication via a bus, such that an occurrence of an unauthorized state can be detected by monitoring frames transmitted over the bus. The unauthorized activity detection method determines, by a monitoring electronic control unit using unauthorized activity detection rule information indicating a first condition, whether or not a set of frames received from the bus satisfies the first condition. The first condition being a condition regarding a relation in content between a first frame having a first identifier and a second frame having a second identifier that differs from the first identifier. And the method further detects the occurrence of the unauthorized state in a case where the first condition is not satisfied.

Abstract: An anomaly detection server is provided. The anomaly detection server is a server for counteracting an anomalous frame transmitted on an on-board network of a single vehicle. The anomaly detection server acquires information about multiple frames received on one or multiple on-board networks of one or multiple vehicles, including the single vehicle. The anomaly detection server, acting as an assessment unit that, based on the information about the multiple frames and information about a frame received on the on-board network of the single vehicle after the acquisition of the information about the multiple frames, assesses an anomaly level of the frame received on the on-board network of the single vehicle.

Abstract: A security apparatus is provided that is connected to a bus. The security apparatus includes a receiver that receives a first frame from the bus, a memory that stores an examination parameter defining a content of an examination on the first frame, and processing circuitry that performs operations. The performed operations include first determining whether a predetermined condition is satisfied for the first frame. The performed operations also include, in a case where the first determining determined that the predetermined condition is satisfied, updating the examination parameter stored in the memory. The performed operations further include second determining whether the first frame is an attack frame based on the updated examination parameter stored in the memory.

Abstract: A gateway serving as a security apparatus connected to one or a plurality of buses includes a receiver that receives a frame from a bus, a parameter storage that stores an examination parameter defining a content of an examination of the frame, an updater configured to, in a case where a predetermined condition is satisfied for the frame received by the receiver, update the examination parameter stored in the parameter storage, and an examiner that performs an examination, based on the examination parameter stored in the parameter storage, in terms of judgment of whether or not the frame received by the receiver is an attack frame.

Abstract: A gateway connected to a bus used for communication by a plurality of ECUs provided on-board a vehicle is provided with: an external communication unit that receives, from a server external to the vehicle, firmware update information that includes updated firmware for one ECU from among the plurality of ECUs; an ECU information acquiring unit that acquires system configuration information indicating the type of each of the plurality of ECUs connected to the bus; and a FW update processing unit that performs a controlling operation to update firmware of the relevant ECU based on the updated firmware, after an operation verification of the updated firmware is performed using an ECU of each type indicated by the system configuration information.

Abstract: An invalidity detection electronic control unit connected to a bus used by a plurality of electronic control units (ECUs) to communicate with one another in accordance with controller area network (CAN) protocol includes a receiving unit that receives a frame for which transmission is started and a transmitting unit that transmits an error frame on the bus before a tail end of the frame is transmitted if the frame received by the receiving unit meets a predetermined condition indicating invalidity and transmits a normal frame that conforms to the CAN protocol after the error frame is transmitted. Even when a reception error counter of the ECU connected to the bus is incremented due to the impact of the error frame, the reception error counter is decremented by the normal frame.

Abstract: A misuse detection electronic control unit in a vehicle network system including a plurality of electronic control units that communicate with one another through buses in accordance with a CAN protocol includes a transceiver unit that performs a reception step of receiving a target data frame and a reference data frame transmitted through the buses, wherein the target data frame is a data frame having a first identifier and wherein the reference data frame is a data frame having a second identifier different from the first identifier and a misuse detection process unit that performs a detection step of performing, as misuse detection for the target data frame, evaluation in accordance with a reception timing of the reference data frame and a reception timing of the target data frame on the basis of a certain rule specifying a reception interval between the reference data frame and the target data frame.

Abstract: An anti-fraud method for use in an in-vehicle network system including a plurality of electronic control units that exchange, in an in-vehicle network, data frames, each having added thereto a message authentication code (MAC). The method includes generating a first MAC by using a MAC key and a value of a counter that counts a number of times a data frame having added thereto a MAC is transmitted to the in-vehicle network. The method also includes performing verification that the data frame received has added thereto the generated first MAC and incrementing a number of error occurrences when the verification has failed for the data frame, the data frame including a predetermined ID. When the number of error occurrences exceeds a predetermined threshold, a process associated in advance with the predetermined ID is executed.

Abstract: An anti-fraud method for use in an in-vehicle network system including a plurality of electronic control units that exchange data frames, each having added thereto a message authentication code (MAC), via a bus includes receiving a data frame transmitted on the bus, and generating a first MAC by using a MAC key and a value of a counter that counts a number of times a data frame having added thereto a MAC is transmitted. The method also includes performing verification that the data frame received has added thereto the generated first MAC and incrementing a number of error occurrences when the verification has failed for the data frame, the data frame including a predetermined message ID. When the number of error occurrences exceeds a predetermined threshold, a process associated in advance with the predetermined message ID is executed.

Abstract: An anti-fraud method for use in an in-vehicle network system including a plurality of electronic control units that exchange data frames, each having added thereto a message authentication code (MAC), via a bus includes receiving a data frame transmitted on the bus, and generating a first MAC by using a MAC key and a value of a counter that counts a number of times a data frame having added thereto a MAC is transmitted. The method also includes performing verification that the data frame received has added thereto the generated first MAC and incrementing a number of error occurrences when the verification has failed for the data frame, the data frame including a predetermined message ID. When the number of error occurrences exceeds a predetermined threshold, a process associated in advance with the predetermined message ID is executed.

Abstract: An anti-fraud method for use in an in-vehicle network system including a plurality of electronic control units that exchange data frames, each having added thereto a message authentication code (MAC), via at least one bus includes: receiving a data frame transmitted on the bus; generating a first MAC by using a MAC key and a value of a counter that counts the number of times a data frame having added thereto a MAC is transmitted; in a case where the verification has failed, (i) generating as second MAC by using an old MAC key; (ii) re-verifying that the received data frame has added thereto the generated second MAC; transmitting, in a case where the re-verification has succeeded, via the bus a key-update frame indicating a request for updating the MAC key; and updating the MAC key in response to the transmission of the key-update frame.

Abstract: A gateway device, connected to one or more buses used in communication by a plurality of ECUs on-board a vehicle, is provided with: a receiving unit that receives, from a server that acts as an external device external to the vehicle, firmware update information that includes updated firmware to be applied to one ECU from among the plurality of ECUs; and a control unit that determines, based on certain information about the ECU on which to apply the updated firmware, whether or not the ECU satisfies a certain condition, and if the certain condition is satisfied, causes the ECU to execute a certain process related to updating firmware, whereas if the certain condition is not satisfied, causes equipment other than the ECU to execute the certain process.

Abstract: Provided is a fraud detection rule updating method enabling the updating of rules that serve as the basis for detecting malicious frames as necessary in an on-board network system. In an on-board network system equipped with multiple electronic control units (ECUs) that communicate via buses and fraud detecting ECUs that determine, based on fraud detection rules, whether messages transmitted on the buses conform to the rules, a fraud detection rule updating method is used in which delivery data including updated fraud detection rules is received from a server external to the on-board network system, and if a certain update condition is satisfied, the fraud detection rules in a fraud detecting ECU are updated to the updated fraud detection rules.

Abstract: An electronic control unit is connected to an in-vehicle network bus in an in-vehicle network system including a plurality of apparatuses that perform communication of frames via the bus. The electronic control unit includes a first control circuit and a second control circuit. The first control circuit is connected to the bus via the second control circuit over wired communication and/or wireless communication. The second control circuit performs a first determination process on a received frame received from the bus to determine the conformity with a first rule related to at least a reception interval, and, upon determining that the received frame conforms to the first rule, executes a predetermined process based on the content of the received frame. The first control circuit performs a second determination process on the received frame, received via the second control circuit, to determine the conformity with a second rule different from the first rule.