JP-WO2025028500-A5 -

Dates

Publication Date

20260507

Application Date

20240730

Description

[SOME/IP message format] SOME/IP is a type of service-oriented communication that achieves service-oriented communication by combining four types of communication methods: Request/Response, Fire/Forget, Events, and Get/Set/Notifier. SOME/IP also includes Service Discovery (SD) as a method for establishing a session with a communication partner. The target ECU is configured to have an ECU equipped with a DPI unit that actually executes the generated DPI rules. In the complete DPI rule list in Figure 9, the DPI rules are listed based on the target ECU. Rule numbers are assigned to DPI rules for DPI rule management purposes. [Processing sequence] Figure 11 is a processing sequence diagram when an attack occurs from the handle control ECU 200c to the ADAS ECU 200a in Embodiment 1. In Figure 11, zone ECUs 100a and 100b collect flow information in the flow information collection unit 103, perform anomaly detection in the flow-based anomaly detection unit 104, and generate DPI rules in the DPI rule generation unit 105A based on the results. The DPI unit 202 of the ADAS ECU 200a applies the generated DPI rules, and security measures are taken based on the monitoring results of the DPI unit 202. The DPI rule forwarding unit 1105B selects an ECU on the path through which the DPI rule-monitored packet passes (S1102). The ECUs present on the path include the source ECU and destination ECU of the monitored packet, and zone ECUs present in the communication path between the source ECU and the destination ECU. In Figure 27, zone ECUs 1 100a and 100b are selected as zone ECUs on the path. It is also assumed that zone ECU 1 100b is the zone ECU that manages the source ECU. (2) In the above embodiment, the zone ECU collects the flow information, but this may be done by a device other than the zone ECU. For example, the head unit, central ECU, or Ethernet switch may collect the flow information.