Search

US-12627624-B2 - Detection apparatus, detection method, and detection program

US12627624B2US 12627624 B2US12627624 B2US 12627624B2US-12627624-B2

Abstract

A detection apparatus detects an improper message on a vehicle-mounted network mounted in a vehicle. The detection apparatus includes: a message acquisition unit that acquires a transmission message on the vehicle-mounted network; and a determination unit that performs a determination relating to improper messages on the vehicle-mounted network by performing a determination on the transmission message acquired by the message acquisition unit. The determination unit is capable of outputting a second determination result relating to the transmission message in addition to a first determination result indicating whether or not the transmission message acquired by the message acquisition unit is an improper message.

Inventors

  • Fumiya Ishikawa

Assignees

  • AUTONETWORKS TECHNOLOGIES, LTD.
  • SUMITOMO WIRING SYSTEMS, LTD.
  • SUMITOMO ELECTRIC INDUSTRIES, LTD.

Dates

Publication Date
20260512
Application Date
20221013
Priority Date
20211026

Claims (14)

  1. 1 . A detection apparatus for detecting an improper message on a vehicle-mounted network mounted in a vehicle, the detection apparatus comprising: a message acquisition unit configured to acquire a transmission message on the vehicle-mounted network; and a determination unit configured to perform a first determination to determine if the transmission message acquired by the message acquisition unit message is one of a normal message, an improper message and an indeterminate message, the indeterminate message being a message that may be classified as either normal or improper, wherein the determination unit is capable of outputting a second determination for each message determined to be indeterminate, wherein the determination unit calculates a statistical value for the determination result to determine if the message is an improper message.
  2. 2 . The detection apparatus according to claim 1 , wherein the determination unit performs respectively different processing relating to the transmission message when the first determination result has been outputted and when the second determination result has been outputted.
  3. 3 . The detection apparatus according to claim 2 , wherein when the second determination result has been outputted, the determination unit generates log data indicating that the second determination result has been outputted.
  4. 4 . The detection apparatus according to claim 2 , wherein when the second determination result has been outputted as a first determination, the determination unit performs a second determination with a different content on another transmission message that differs to the transmission message subjected to the first determination, and determines whether or not an improper message is present based on a determination result of the second determination.
  5. 5 . The detection apparatus according to claim 4 , wherein the transmission message subjected to the first determination and the other transmission message subjected to the second determination indicate different types of measurement result relating to the vehicle.
  6. 6 . The detection apparatus according to claim 4 , wherein the transmission message subjected to the first determination indicates a measurement result for a vehicle speed of the vehicle, and the determination unit changes a determination criterion for the second determination in keeping with whether or not the measurement result for the vehicle speed satisfies a predetermined condition.
  7. 7 . The detection apparatus according to claim 4 , wherein the transmission message that is subjected to the first determination indicates a measurement result for a vehicle speed of the vehicle, the transmission message that is subjected to the second determination indicates a measurement result for an engine rotation speed of the vehicle, the detection apparatus further comprises a storage unit for storing a normal engine rotation speed, which is a measurement result of the engine rotation speed during normal operation when no improper message is present, and a fourth threshold that is determined based on the normal engine rotation speed, and in the second determination, the determination unit compares a difference between a measurement result of the engine rotation speed indicated by the transmission message and the normal engine rotation speed with the fourth threshold.
  8. 8 . The detection apparatus according to claim 1 , wherein the second determination result includes a plurality of types of determination result, and the determination unit performs weighting in keeping with the types when calculating the statistical value.
  9. 9 . The detection apparatus according to claim 1 , wherein the transmission message acquired by the message acquisition unit indicates a measurement result for a vehicle speed of the vehicle, the detection apparatus further comprises a storage unit for storing a normal vehicle speed, which is a measurement result of vehicle speed during normal operation when no improper message is present, and a first threshold and a second threshold that are in a magnitude-based relationship determined based on the normal vehicle speed, and the determination unit compares a difference between a measurement result for the vehicle speed indicated by the transmission message and the normal vehicle speed with the first threshold and the second threshold and outputs the first determination result or the second determination result in keeping with a comparison result.
  10. 10 . The detection apparatus according to claim 9 , wherein the storage unit further stores a third threshold that is larger than the first threshold and smaller than the second threshold, the determination unit outputs the second determination result when the difference is larger than the first threshold and equal to or less than the second threshold, and upon outputting the second determination result, the determination unit subjects the transmission message to a determination relating to improper messages using the third threshold stored in the storage unit.
  11. 11 . The detection apparatus according to claim 10 , wherein the detection apparatus further comprises a counter, and the determination unit changes a countup value of the counter in keeping with a magnitude-based relationship between the difference and the first threshold, the second threshold, and the third threshold and performs a determination relating to improper messages using a count value of the counter.
  12. 12 . The detection apparatus according to claim 11 , wherein the determination unit determines that an improper message is present when the count value of the counter is equal to or higher than a predetermined value, and the predetermined value is larger than a highest value out of a plurality of countup values of the counter.
  13. 13 . A detection method for a detection apparatus that detects an improper message on a vehicle-mounted network mounted in a vehicle, the detection method comprising: a step of acquiring a transmission message on the vehicle-mounted network; and a step of performing a first determination to determine if the transmission message is one of a normal message, an improper message and an indeterminate message, the indeterminate message being a message that may be classified as either normal or improper, a step of performing a second determination for each transmission message determined to be indeterminate, wherein the second determination is made by calculating a statistical value of the determination result to determine if the transmission message is an improper message.
  14. 14 . A computer program product used in a detection apparatus that detects an improper message on a vehicle-mounted network mounted in a vehicle, the computer program product comprising a non-transitory, machine-readable medium storing instructions which, when executed by at least one programmable processor, causes at least one programmable processor to perform operations comprising: acquiring a transmission message on the vehicle-mounted network; performing a first determination to determine if the transmission message is one of a normal message, an improper message and an indeterminate message, the indeterminate message being a message that may be classified as either normal or improper; and performing a second determination for each transmission message determined to be indeterminate, wherein the second determination is made by calculating a statistical value of the determination result to determine if the transmission message is an improper message.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS This application is the U.S. national stage of PCT/JP2022/038213 filed on Oct. 13, 2022, which claims priority of Japanese Patent Application No. JP 2021-174792 filed on Oct. 26, 2021, the contents of which are incorporated herein. TECHNICAL FIELD The present disclosure relates to a detection apparatus, a detection method, and a detection program. BACKGROUND JP2019-29961A discloses the impropriety detection method described below. That is, in an impropriety detection method used by a monitoring electronic control unit, which is connected to a network, on a vehicle-mounted network system, using impropriety detection rule information indicating a first condition, which is a condition for a relationship between the respective contents of a frame with a first identifier and a frame with a second identifier, whether or not a group of frames received from a network satisfies the first condition is determined, using impropriety detection rule information indicating a second condition, which is a condition for a relationship between the respective contents of a frame with the first identifier and a frame with a third identifier, whether or not a group of frames received from the network satisfies the second condition is determined, an abnormality level relating to transmission of a first type of frame is calculated according to the number of conditions determined as not being satisfied, and a predetermined frame is transmitted according to the calculated abnormality level. Vehicle-mounted network systems have been developed in the past to improve the security of vehicle-mounted networks. When determining whether or not a message transmitted from a vehicle-mounted apparatus on a vehicle-mounted network is an improper message according to data values and the like included in the message, it is possible to conceive of cases where it is difficult to make a clear judgment. The present disclosure was conceived to solve the issues described above, and it is an object of the present disclosure to provide a detection apparatus, a detection method, and a detection program that can more accurately detect improper messages on a vehicle-mounted network. SUMMARY A detection apparatus according to an aspect of the present disclosure is a detection apparatus for detecting an improper message on a vehicle-mounted network mounted in a vehicle, the detection apparatus including: a message acquisition unit configured to acquire a transmission message on the vehicle-mounted network; and a determination unit configured to perform a determination relating to improper messages on the vehicle-mounted network by performing a determination on the transmission message acquired by the message acquisition unit, wherein the determination unit is capable of outputting a second determination result relating to the transmission message in addition to a first determination result indicating whether or not the transmission message acquired by the message acquisition unit is an improper message. A detection method according to an aspect of the present disclosure is a detection method for a detection apparatus that detects an improper message on a vehicle-mounted network mounted in a vehicle, the detection method including: a step of acquiring a transmission message on the vehicle-mounted network; and a step of performing a determination relating to improper messages on the vehicle-mounted network by performing a determination on the acquired transmission message, wherein the determination relating to improper messages is capable of outputting a second determination result relating to the transmission message in addition to a first determination result indicating whether or not the acquired transmission message is an improper message. A detection program according to an aspect of the present disclosure is a detection program used in a detection apparatus that detects an improper message on a vehicle-mounted network mounted in a vehicle, the program causing a computer to function as: a message acquisition unit configured to acquire a transmission message on the vehicle-mounted network; and a determination unit configured to perform a determination relating to improper messages on the vehicle-mounted network by performing a determination on the transmission message acquired by the message acquisition unit, wherein the determination unit is capable of outputting a second determination result relating to the transmission message in addition to a first determination result indicating whether or not the transmission message acquired by the message acquisition unit is an improper message. The above aspects of the present disclosure may be realized not only as a detection apparatus equipped the characteristic processing unit described above, but may also be realized as a semiconductor integrated circuit that realizes part or all of a detection apparatus and may be realized as a vehicle-mounted communication system includ