Abstract: A gateway device for a vehicle network system installed in a vehicle is provided. The vehicle network system includes a network, an electronic control unit connected to the network, and the gateway device connected to the first network and configured to communicate outside the vehicle. The gateway device receives a first frame from outside the vehicle; determines whether or not the first frame is appropriate; generates a second frame when the first frame is not determined to be appropriate; and transmits the second frame to the network. The second frame includes control information and additional information based on content of the first frame. The control information restricts processing of the additional information included in the second frame by the electronic control unit, after the second frame is received by the electronic control unit.

Abstract: A fraud detecting method for use in an in-vehicle network system including a plurality of electronic control units that communicate with each other via a network includes detecting whether a state of a vehicle satisfies a first condition or a second condition, and switching, upon detecting that the state of the vehicle satisfies the first condition or the second condition, an operation mode of a fraud-sensing electronic control unit connected to the network between a first mode in which a first type of detecting process for detecting a fraudulent message in the network is performed and a second mode in which the first type of detecting process is not performed.

Abstract: A communication log aggregation device includes: a communicator that obtains flow information including one or more flow records and first statistical information for each flow from each of collection devices, the one or more flow records each including flow identification information included in a message received by at least one observer that is disposed in a control network system, the flow being classified based on the flow identification information, the collection devices each collecting the one or more flow records and the first statistical information for each flow from the message received by the observer; and a flow aggregator that generates aggregated flow information by performing at least one of the following: (i) selecting at least one of the one or more flow records, (ii) adding second statistical information, and (iii) deleting at least one of the one or more flow records, and outputs the aggregated flow information.

Abstract: A security device connected to a plurality of networks in a vehicle is provided. The security device determines, with regard to a frame received from a first network, whether to transmit a determination request for the frame outside the vehicle. The security device transmits the determination request outside the vehicle in a case where it is determined to transmit the determination request outside the vehicle, transmits, before obtaining a determination result from outside the vehicle in accordance with the determination request, the frame to a second network, and then obtains determination results from outside the vehicle in accordance with the determination request. The security device outputs presentation information in accordance with the determination result.

Abstract: An anomaly detection system is a system in an in-vehicle network system that includes one or more ECUs mounted on a vehicle and in which the vehicle and a server are capable of communicating with each other through a plurality of communication routes. The anomaly detection system includes: an anomaly detector that detects an anomaly in the vehicle; a determiner that determines, out of the plurality of communication routes, a communication route for transmitting anomaly detection result information indicating a result of detection of the anomaly in the vehicle to the server, according to occurrence of a specific anomaly; and an anomaly detection result transmitter that transmits the anomaly detection result information to the server using the communication route determined.

Abstract: An anomaly detecting device includes a flow collector that collects an amount of flow communication traffic in each of two or more networks in an in-vehicle network system that including the two or more networks, the amount of flow communication traffic being information obtained by tallying an amount of communication traffic of one or more frames classified according to a predetermined rule that is based on header information of a network protocol; and an anomaly detector that calculates, based on the amount of flow communication traffic, an observed ratio indicating a ratio of respective amounts of communication traffic in the two or more networks and determines whether the two or more networks are anomalous based on the observed ratio calculated and a normal ratio indicating a ratio of respective amounts of communication traffic in the two or more networks in a normal state.

Abstract: An anomaly detection method in an in-vehicle network system in which a plurality of ECUs are connected. Among the plurality of ECUs, at least one ECU includes a detector which determines whether a received message satisfies a predetermined rule, and the at least one ECU transmits the detection result determined to a network. The anomaly detection method includes (i) receiving the detection result from the network, and storing the detection result received in a memory, (ii) determining whether the detection result is received within a predetermined time, and storing a determination result in the memory in association with the detection result, and (iii) outputting a message to the outside, the message including the detection result in association with the determination result.

Abstract: A vehicle log transmission device includes: an anomaly detector that obtains a vehicle log from at least one electronic control unit, detects an anomaly based on log information in the vehicle log, and extracts log information in which the anomaly is detected as an anomaly log; an anomaly notifier that transmits the anomaly log to a server; a change instructor that, based on a vehicle state extracted from the vehicle log, transmits, to the at least one electronic control unit, a change instruction to change a save priority level of the log information included in the vehicle log; and a vehicle log request responder that, when a vehicle log request is received, obtains the vehicle log including log information saved based on the save priority level changed in response to the change instruction, and transmits the vehicle log obtained to the server.

Abstract: An in-vehicle relay device prevents an anomaly of a control command exchanged over networks having different transmittable data sizes in a frame. The in-vehicle relay device relays communication between multiple control devices in a vehicle over the networks to which the control devices are connected. The in-vehicle relay device receives control data from a first control network. The control data includes, in a frame, a plurality of control commands to be executed by at least one of the control devices. The in-vehicle relay device determines, as a first determination, whether types of the control commands included in the frame form a first combination that is preset as a combination of control commands that are executable simultaneously. The in-vehicle relay device thereafter determines, as a second determination, whether the control data is anomalous by using the result of the first determination, and outputs the result of the second determination.

Abstract: The control network system is connected to electronic control unit(s) and a communication device, and includes security sensor(s) that transmits a security alert indicating that an indication of a security breach is detected to the network, if the indication is detected in at least one of the network, the electronic control unit(s), or the communication device. The intrusion path analysis device includes: an alert obtainer that obtains the security alert from the security sensor(s); an event obtainer that obtains an event history of an event that occurs in the control network system; and an intrusion path analyzer that performs an analysis on an intrusion path of an attack on the basis of the security alert, the event history, and an intrusion depth indicating an intrusion level to be assumed in a case the security alert occurs, and that outputs a result of the analysis.

Abstract: A frame transmission prevention apparatus connected to a network of a network system including a plurality of electronic control units communicating with one another via the network is provided. The apparatus includes a processor and a memory. The memory includes at least one set of instructions that causes the processor to perform processes when executed by the processor. The processes include receiving a first frame from the network and switching whether to perform a first process for preventing transmission of the first frame on the basis of management information indicating whether prevention of transmission of a frame is permitted if the first frame satisfies a first condition.

Abstract: A security apparatus includes a receiver that receives a frame front at least one network, a parameter storage that stores at least one examination parameter defining a content of an examination on a frame, and processing circuitry that performs operations. The operations include judging whether a predetermined condition is satisfied for the frame received by the receiver. When the predetermined condition is satisfied, updating the stored at least one examination parameter, and when the predetermined condition is not satisfied, not updating the stored at least one examination parameter. The operations also include executing an examination, based on the stored at least one examination parameter, as to whether the frame received by the receiver is an attack frame, and performing a process depending on a result of the execution of the examination such that an influence of an attack frame on at least one electronic control unit is suppressed.

Abstract: An electronic control unit is connected to a network in an in-vehicle network system. The electronic control unit includes a first control circuit and a second control circuit. The first control circuit is connected to the network via the second control circuit. The second control circuit performs a first determination process on a frame to determine conformity of the frame with a first rule. Upon determining that the frame conforms to the first rule, the second control circuit transmits the frame to the first control circuit. The first control circuit performs a second determination process on the frame to determine conformity of the frame with a second rule. The second rule is different from the first rule.

Abstract: An abnormality detection method is provided. The abnormality detection method is for detecting an abnormality that may be transmitted to a bus in an on-board network system. The on-board network system includes a plurality of electronic controllers that transmit and receive messages via the bus in a mobility entity. In the abnormality detection method, for example, a gateway transmits identification information to a server and receives a response determining a unit time. An operation process is performed using feature information based on a number of messages received from the bus per the determined unit time and using a model indicating a criterion in terms of a message occurrence frequency. A judgment is made as to an abnormality according to a result of the operation process.

Abstract: An electronic control unit is connected to a network in an in-vehicle network system. The electronic control unit includes a first control circuit and a second control circuit. The first control circuit is connected to the network via the second control circuit. The second control circuit performs a first determination process on a frame to determine conformity of the frame with a first rule. Upon determining that the frame conforms to the first rule, the second control circuit transmits the frame to the first control circuit. The first control circuit performs a second determination process on the frame to determine conformity of the frame with a second rule. The second rule is different from the first rule.

Abstract: A gateway device connected to a network used in communication by multiple electronic control units provided on-board a vehicle. The gateway device performs operations including receiving firmware update information that includes updated firmware for one electronic control unit among the electronic control units, and acquiring system configuration information indicating a function of each of the electronic control units connected to the network. The gateway device further performs a controlling operation to update firmware of the one electronic control unit, for which updated firmware is received by the receiving, on a basis of the updated firmware, after an operation verification of the updated firmware is performed in an operating environment appropriately. The operating environment being configured with electronic control units of the same functions as each of the electronic control units indicated by the system configuration information.

Abstract: An anomaly detection electronic control unit (ECU) that detects unauthorized messages on a communication path is provided. An ECU that periodically transmits a first-type message including data to be monitored, and an ECU that periodically transmits a second-type message including data for comparison, are connected to the communication path. The anomaly detection ECU includes: a receiver that successively receives first-type and second-type messages; a processor that determines whether a first-type message received is normal or anomalous; and a transmitter that transmits a predetermined message in accordance with results of the determining.

Abstract: A vehicle network system employing a controller area network protocol includes a bus, a first electronic control unit, and a second electronic control unit. The first electronic control unit transmits, via the bus, at least one data frame including an identifier relating to data used for a calculation for obtaining a message authentication code indicating authenticity of transmission content. The second electronic control unit receives the at least one data frame transmitted vis the bus and verifies the message authentication code in accordance with the identifier included in the at least one data frame.

Abstract: Provided is a network monitor for a mobility network used in a mobility entity. The mobility network is formed of a source unit, a destination unit, and one or more repeaters. Each repeater includes a network monitor that receives, from the source unit, an announcement for a bandwidth reservation. The announcement includes a value of a first bandwidth requirement for the source unit to perform first data communication. The network monitor further determines a determination result of whether to reserve the first bandwidth by comparing the value of the first bandwidth with a range of values of a second bandwidth for the first data communication specified in a white list stored in a database. The network monitor reserves the first bandwidth for performing the first data communication depending on the determination result, and transmits, to the source unit, a reservation status of the first bandwidth.

Abstract: An anomalous vehicle detection server includes an anomaly score calculator that detects a suspicious behavior different from a predetermined driving behavior based on pieces of vehicle information that are received from a plurality of vehicles, respectively, and are each based on a vehicle log including the content of an event that has occurred in a vehicle system provided in the vehicle, and acquires an anomaly score of each of the plurality of vehicles that indicates a likelihood that reverse engineering is performed on the vehicle; and an anomalous vehicle determiner that determines whether one vehicle of the plurality of vehicles is an anomalous vehicle based on the anomaly score of the one vehicle and a statistical value of the anomaly scores of two or more vehicles of the plurality of vehicles.