Abstract: A statistical information generation device that generates statistical information from Ethernet frames on a mobility network includes: a transceiver that transmits and receives the Ethernet frames; and a statistical information generator that collects a plurality of Ethernet frames transmitted or received by the transceiver within a predetermined time period, and classifies, out of the plurality of Ethernet frames collected, Ethernet frames containing the same destination IP address, source IP address, destination port number, source port number, and protocol, and containing, in payloads, same identification information related to mobility control, into the same group, generates the statistical information for each group from the Ethernet frames classified into groups, and transmits the generated statistical information from the transceiver.

Abstract: An electronic control unit (ECU) is provided. The ECU is connected to a first network in an onboard network system. The onboard network system includes the first network and a second network. In the first network, first-type frames are transmitted following a first communication protocol. In the second network, second-type frames are transmitted following a second communication protocol. The first-type frame includes first information serving as a base for the second-type frame to be transmitted to the second network, and second information indicating that the first-type frame includes information that is to be transmitted to the second network. The ECU includes a generator that generates the first-type frame following the first communication protocol, and a transmitter that transmits, to the first network, the first-type frame generated by the generator.

Abstract: An information processing method of processing data frames flowing over an onboard network includes a frame collecting step of obtaining, from each of received data frames, a payload included in the data frame and configured of at least one field, and recording in a reception log as one record, and a field extracting step of calculating, regarding each of a plurality of payload splitting pattern candidates indicating different regions within payloads of the plurality of data frames, one or more features relating to time-sequence change of values of the payload in the region, from the plurality of records, selecting a payload splitting pattern indicating a region of a field within the payload, based on the features, and outputting field extracting results indicating the region indicated by the selected payload splitting pattern candidate, and a category of the field based on the features.

Abstract: An abnormality detection method is provided. The abnormality detection method is for detecting an abnormality that may be transmitted to a bus in an on-board network system. The on-board network system includes a plurality of electronic controllers that transmit and receive messages via the bus in a mobility entity. In the abnormality detection method, for example, a gateway transmits identification information to a server and receives a response determining a unit time. An operation process is performed using feature information based on a number of messages received from the bus per the determined unit time and using a model indicating a criterion in terms of a message occurrence frequency. A judgment is made as to an abnormality according to a result of the operation process.

Abstract: A method for use in a network communication system including a plurality of electronic controllers that communicate with each other via a bus in accordance with a Controller Area Network (CAN) protocol determines whether or not content of a predetermined field in a frame which has started to be transmitted meets a predetermined condition indicating fraud. In a case where the content of the predetermined field meets the predetermined condition, an error frame is transmitted before an end of the frame is transmitted. A number of times the error frame is transmitted is recorded for each identifier (ID) represented by content of an ID field included in a plurality of frames which has been transmitted. A malicious electronic controller is determined in accordance with the number of times recorded for each ID.

Abstract: A threat information analysis server includes: an update manager that manages update information indicating that function addition to an IoT device is performed; a threat information manager that stores threat information of a cyberattack; a risk level manager that manages risk level information defining a risk level of the IoT device; a related threat information manager that manages the threat information and related threat information associating the IoT device with the risk level; a risk level updater that associates the threat information and the risk level of the IoT device with each other and updates the related threat information, based on the update information; and an outputter that outputs the related threat information managed by the related threat information manager.

Abstract: A gateway device for a vehicle network system installed in a vehicle is provided. The vehicle network system includes a network, an electronic control unit connected to the network, and the gateway device connected to the first network and configured to communicate outside the vehicle. The gateway device receives a first frame from outside the vehicle; determines whether or not the first frame is appropriate; generates a second frame when the first frame is not determined to be appropriate; and transmits the second frame to the network. The second frame includes control information and additional information based on content of the first frame. The control information restricts processing of the additional information included in the second frame by the electronic control unit, after the second frame is received by the electronic control unit.

Abstract: A gateway connected to a bus, a bus, and the like used by a plurality of electronic control units for communication includes a frame communication unit that receives a frame, a transfer control unit that removes verification information used to verify a frame from the content of the frame received by the frame communication unit and transfers the frame to a destination bus or that adds verification information to the content of the frame and transfers the frame to the destination bus, and the like.

Abstract: In a fraud-detection method for use in an in-vehicle network system including a plurality of electronic control units (ECUs) that exchange messages on a plurality of networks, a plurality of fraud-detection ECUs each connected to a different one of the networks, and a gateway device, a fraud-detection ECU determines whether a message transmitted on a network connected to the fraud-detection ECU is malicious by using rule information stored in a memory. The gateway device receives updated rule information transmitted to a first network among the networks, selects a second network different from the first network, and transfers the updated rule information only to the second network. A fraud-detection ECU connected to the second network acquires the updated rule information and updates the rule information stored therein by using the updated rule information.

Abstract: A network hub is provided for an onboard network system. The onboard network system includes first and second networks for transmission of first-type and second-type frames following first and second communication protocols. The network hub includes a receiver that receives a first-type frame. A processor determines whether or not the first-type frame received by the receiver includes first information that is a base for a second-type frame to be transmitted to the second network, to obtain a determination result, and selects a port to send a frame based on the first-type frame based on the determination result. A transmitter sends the frame based on the first-type frame to a wired transmission path connected to the port selected by the processor based on the first-type frame received by the receiver.

Abstract: An electronic control unit connected to a bus of a first network where first-type frames are transmitted following a first communication protocol and a second network where second-type frames are transmitted following a second communication protocol in an onboard network system. The electronic control unit sequentially receives the first-type and the second-type frames from the bus and the second network respectively, and stores in first and second reception buffers, respectively. The electronic control unit sequentially generates first-type data and second-type data by referencing the contents of the first reception buffer and the second reception buffer, and stores the first-type and second-type data in first and second transmission buffers, respectively. The first-type data is traveling control data for a vehicle, and the second-type data is other data. The first-type or second-type data that is priority type data is transmitted with priority.

Abstract: A communication device is a communication device connected to a mobility network which is a network mounted in a mobility and which is used by a plurality of electronic control devices for communication. The communication device includes: a holding unit which holds range information indicating a transferable path range determined for a message on the mobility network; a receiving unit which receives the message on the mobility network; and a determining unit which determines validity of the received message by using the range information.

Abstract: A hub is connected to first and second networks where first-type and second-type frames are transmitted following first and second communication protocols. The hub sequentially receives each of the first-type and second-type frames, and stores data in first and second reception buffers. If the destination of data stored in the first and second reception buffers is the first network, the hub stores the data in a first transmission buffer. If the destination is the second network, the hub stores the data in a second transmission buffer. If the first transmission buffer is a priority transmission buffer, the hub transmits priority data in the first transmission buffer with priority over non-priority data in the second transmission buffer, which is a non-priority transmission buffer.

Abstract: An electronic control unit (ECU) is provided. The ECU is connected to a first network in an onboard network system. The onboard network system includes the first network and a second network. In the first network, first-type frames are transmitted following a first communication protocol. In the second network, second-type frames are transmitted following a second communication protocol. The ECU generates first-type frames following the first communication protocol, and transmits the generated first-type frames to the first network. The ECU receives external information indicating state information of a device on the onboard network system received from another electronic control unit connected to the first network or the second network, or receives external information indicating information received from a communication module configured to communicate with the server via an external network.

Abstract: An information processing method of processing data frames flowing over an onboard network includes a frame collecting step of obtaining, from each of received data frames, a payload included in the data frame and configured of at least one field, and recording in a reception log as one record, and a field extracting step of calculating, regarding each of a plurality of payload splitting pattern candidates indicating different regions within payloads of the plurality of data frames, one or more features relating to time-sequence change of values of the payload in the region, from the plurality of records, selecting a payload splitting pattern indicating a region of a field within the payload, based on the features, and outputting field extracting results indicating the region indicated by the selected payload splitting pattern candidate, and a category of the field based on the features.

Abstract: A method used in an on-board network system, having electronic controllers that exchange messages and a fraud detecting electronic controller. The method includes determining whether a message transmitted conforms to fraud detection rules, and querying an external device whether there is delivery data for updating the fraud detection rules. When there is the delivery data for updating the fraud detection rules, receiving from an external device the delivery data, including updated fraud detection rules and network type information indicating a network type that the updated fraud detection rules are to be applied. The method also includes determining whether a vehicle in which the on-board network system is installed is running, and whether the network type information indicates a drive network that is connected to an electronic controller related to travel of the vehicle. When the network type information does not indicate the drive network, updating the fraud detection rules.

Abstract: The monitoring device includes a receiver and a processor. The receiver receives a frame from a communication network. The processor performs a first determination that determines whether the frame is illegal based on a result of message authentication for the frame and a second determination that determines whether the frame is illegal based on a state of the frame and a predetermined rule. In addition, the processor executes, in accordance with a combination of a result of the first determination and a result of the second determination, at least one of processing for the frame, processing for a transmission source device of the frame, change of contents to be notified to an external device, and change of priority of notification to the external device.

Abstract: An abnormality detection method is provided. The abnormality detection method is for detecting an abnormality that may be transmitted to a bus in an on-board network system. The on-board network system includes a plurality of electronic controllers that transmit and receive messages via the bus in a vehicle according to a CAN protocol. In the abnormality detection method, for example, a gateway transmits vehicle identification information to a server and receives a response determining a unit time. An operation process is performed using feature information based on a number of messages received from the bus per the determined unit time and using a model indicating a criterion in terms of a message occurrence frequency. A judgment is made as to an abnormality according to a result of the operation process.

Abstract: A gateway device for a vehicle network system is provided. The vehicle network system includes a first network, a second network, a first electronic control unit connected to the first network, a second electronic control unit connected to the second network, and the gateway device connected to the first network and the second network. The gateway device receives a first frame transmitted to the first network by the first electronic control unit; determines whether or not the first frame is appropriate; generates a second frame when the first frame is not determined to be appropriate; and transmits the second frame to the second network. The second frame includes control information and additional information based on content of the first frame. The control information restricts processing of the additional information included in the second frame by the second electronic control unit.

Abstract: A gateway connected to a bus, a bus, and the like used by a plurality of electronic control units for communication includes a frame communication unit that receives a frame, a transfer control unit that removes verification information used to verify a frame from the content of the frame received by the frame communication unit and transfers the frame to a destination bus or that adds verification information to the content of the frame and transfers the frame to the destination bus, and the like.