Method and system for reflectometry based communication network monitoring, intrusion detection, and message authentication
Country / type: United States (US) Patent, registered
International Patent Classification (IPC, 7th edition):
H04L-029/06
H04B-001/3822
H04L-029/08
Application number: US-0595584 (2015-01-13)
Registration number: US-9578047 (2017-02-21)
Inventors:
Laifenfeld, Moshe
Polevoy, Yuval
Julson, Timothy D.
Baltes, Kevin M.
Cohen, Omer
Applicant: GM GLOBAL TECHNOLOGY OPERATIONS LLC
Agent: Lorenz & Kopf, LLP
Citation information: times cited: 0; cited patents: 3
Abstract
Systems and methods are provided for monitoring and detecting intrusions and authenticating messages on a communication network of a vehicle. A plurality of signals transmitted over communications network between an electronic control module and a remote electronic module are monitored. Reflectometry feature sets are extracted from the plurality of signals and compared to a repository of predetermined communication network feature sets to generate a mismatch value. The mismatch value is compared to a predetermined threshold range and an authenticated event occurs when the mismatch value is within the predetermined threshold range. When the mismatch value is outside the predetermined threshold range, a flagged event occurs and is recorded.
Representative claim
1. A method of monitoring and detecting intrusions on a communications network, comprising: monitoring, with a reflectometer, a plurality of communication channels on the communication network, the communication channels each transmitting a plurality of signals between an electronic control module and a remote electronic control module; extracting a reflectometry feature set from each of the plurality of signals transmitted over each of the communication channels; comparing the extracted reflectometry feature sets to a repository of predetermined communication network feature sets to generate a mismatch value; determining that an authenticated event has occurred when the mismatch value is within a predetermined threshold range and continuing to monitor the plurality of communication channels; determining that a flagged event has occurred when the mismatch value is outside the predetermined threshold range; and recording the flagged event in a memory module.
2. The method of claim 1, further comprising: sending the extracted reflectometry feature sets to a cyber security anomaly detection module when the flagged event has occurred; and determining, with the cyber security anomaly detection module, that an intrusion has occurred based on at least one extracted reflectometry feature set.
3. The method of claim 2, further comprising: storing, by the cyber security anomaly detection module, a history of flagged events and corresponding extracted reflectometry feature sets; and determining, with the cyber security anomaly detection module, that the intrusion has occurred based on the history of flagged events and corresponding extracted reflectometry feature sets.
4. The method of claim 1, further comprising establishing the repository of predetermined communication network feature sets based on an initial communications network baseline.
5. The method of claim 1, further comprising recalibrating the repository of predetermined communication network feature sets based on a recalibration event.
6. The method of claim 1, further comprising: identifying the remote electronic control module associated with the signal corresponding to the authenticated event; comparing a content of the signal corresponding to the authenticated event to a command repository of a plurality of commands associated with the remote electronic control module; confirming that the authenticated event has occurred when the content of the signal corresponding to the authenticated event matches at least one command in the command repository and continuing to monitor the plurality of communication channels; determining that the flagged event has occurred when the content of the signal corresponding to the authenticated event does not match at least one command in the command repository; and recording the flagged event in a memory module.
7. A system for monitoring and detecting intrusions on a communications network, comprising: an electronic control module having a first processor module and a first memory module, the electronic control module configured to send and receive a plurality of signals on a plurality of communication channels of the communications network; a remote electronic control module configured to send and receive the plurality of signals from the electronic control module over the communication channels; a repository of predetermined communication network feature sets; and a reflectometer having a second processor module and a second memory module, the reflectometer configured to extract a reflectometry feature set from each of the plurality of signals transmitted over the communication channels and calculate a mismatch value corresponding to the difference between the reflectometry feature set and the corresponding communication network feature set, wherein an authenticated event occurs when the mismatch value is within a predetermined threshold range and a flagged event occurs when the mismatch value is outside the predetermined threshold range, the flagged event recorded in at least one of the first memory module and the second memory module.
8. The system of claim 7, further comprising a cyber security anomaly detection module having a third processor module and a third memory module, the cyber security anomaly detection module configured to receive the reflectometry feature sets when a flagged event has occurred and determine that an intrusion has occurred based on at least one reflectometry feature set.
9. The system of claim 8, wherein the cyber security anomaly detection module is configured to determine that the intrusion has occurred based on a history of flagged events and corresponding extracted reflectometry feature sets.
10. The system of claim 7, wherein the repository of predetermined communication network feature sets is established based on an initial communications network baseline.
11. The system of claim 7, wherein the repository of predetermined communication network feature sets is recalibrated based on a recalibration event.
12. The system of claim 7, further comprising: a command repository of a plurality of commands each corresponding to one of the at least one remote electronic control module, wherein the electronic control module is configured to identify the remote electronic control module associated with the signal corresponding to the authenticated event and compare a content of the signal to the command corresponding to the identified remote electronic control module, and the authenticated event is confirmed when the content of the signal matches the command from the command repository and the flagged event occurs when the content of the signal does not match the command in the command repository, the flagged event recorded in at least one of the electronic control module and the reflectometer.
13. The system of claim 7, further comprising: a repository of predetermined signal signatures each corresponding to one of the at least one remote electronic control module, wherein the reflectometer is configured to extract a signal signature corresponding to each signal received by the electronic control module and calculate a signature mismatch value corresponding to the difference between the signal signature and the predetermined signal signature, and the authenticated event occurs when signature mismatch value is within a predetermined signature range and the flagged event occurs when the signature mismatch value is outside the predetermined signature range, the flagged event recorded in at least one of the electronic control module and the reflectometer.
14. A vehicle, comprising: a communications network; and a system for monitoring and detecting intrusions on the communications network, the system comprising: an electronic control module having a first processor module and a first memory module, the electronic control module configured to send and receive a plurality of signals on a plurality of communication channels of the communications network; a remote electronic control module configured to send and receive the plurality of signals from the electronic control module over the communication channels; a repository of predetermined communication network feature sets; and a reflectometer having a second processor module and a second memory module, the reflectometer configured to extract a reflectometry feature set from each of the plurality of signals transmitted over the communication channels and calculate a mismatch value corresponding to the difference between the reflectometry feature set and the corresponding communication network feature set, wherein an authenticated event occurs when the mismatch value is within a predetermined threshold range and a flagged event occurs when the mismatch value is outside the predetermined threshold range, the flagged event recorded in at least one of the first memory module and the second memory module.
15. The vehicle of claim 14, further comprising a cyber security anomaly detection module having a third processor module and a third memory module, the cyber security anomaly detection module configured to receive the reflectometry feature sets when a flagged event has occurred and determine that an intrusion has occurred based on at least one reflectometry feature set.
16. The vehicle of claim 15, further comprising a history of flagged events and the corresponding reflectometry feature sets, wherein the cyber security anomaly detection module is configured to determine that the intrusion has occurred based on the history of flagged events and corresponding extracted reflectometry feature sets.
17. The vehicle of claim 14, wherein the repository of predetermined communication network feature sets is established based on an initial communications network baseline.
18. The system of claim 14, wherein the repository of predetermined communication network feature sets is recalibrated based on a recalibration event.
19. The vehicle of claim 14, further comprising: a command repository of a plurality of commands each corresponding to one of the at least one remote electronic control module, wherein the electronic control module is configured to identify the remote electronic control module associated with the signal corresponding to the authenticated event and compare a content of the signal to the command corresponding to the identified remote electronic control module, and the authenticated event is confirmed when the content of the signal matches the command from the command repository and the flagged event occurs when the content of the signal does not match the command in the command repository, the flagged event recorded in at least one of the electronic control module and the reflectometer.
20. The vehicle of claim 14, further comprising: a repository of predetermined signal signatures each corresponding to one of the at least one remote electronic control module, wherein the reflectometer is configured to extract a signal signature corresponding to each signal received by the electronic control module and calculate a signature mismatch value corresponding to the difference between the signal signature and the predetermined signal signature, and the authenticated event occurs when signature mismatch value is within a predetermined signature range and the flagged event occurs when the signature mismatch value is outside the predetermined signature range, the flagged event recorded in at least one of the electronic control module and the reflectometer.
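The decision flow of claims 1, 3 and 6, sketched as an added example that is not code from the patent or from the applicant. Assumptions: feature sets are numeric vectors, the mismatch value is their Euclidean distance to the baseline, the threshold range is 0 to a per-channel limit, and the history rule (three flags within the last five signals) stands in for the unspecified anomaly detection logic; all channel names, module names, feature values and command bytes are constructed.

```python
import math
from collections import deque

# Constructed repository of predetermined feature sets: channel -> (baseline, limit).
BASELINE = {"chan_A": ([0.12, 0.80, 3.4], 0.25),
            "chan_B": ([0.30, 0.55, 5.1], 0.25)}
# Constructed command repository: remote module -> commands it may send.
COMMANDS = {"module_1": {b"\x01\x10", b"\x01\x11"},
            "module_2": {b"\x02\x20"}}

def mismatch(features, baseline):
    """Mismatch value; Euclidean distance is an assumption of this example."""
    return math.dist(features, baseline)

class Monitor:
    def __init__(self, window=5, intrusion_after=3):
        self.flag_log = []                  # the "memory module" of claim 1
        self.recent = deque(maxlen=window)  # flag history used for claim 3
        self.intrusion_after = intrusion_after

    def observe(self, channel, module, features, content):
        """Classify one signal as 'authenticated', 'flagged' or 'intrusion'."""
        entry = BASELINE.get(channel)
        if entry is None:                   # no baseline: cannot authenticate
            return self._flag(channel, module, features, "unknown-channel")
        baseline, limit = entry
        if mismatch(features, baseline) > limit:
            return self._flag(channel, module, features, "reflectometry")
        # Claim 6: a physically authenticated signal must also carry a
        # command that the identified remote module is allowed to send.
        if content not in COMMANDS.get(module, set()):
            return self._flag(channel, module, features, "command")
        self.recent.append(False)
        return "authenticated"

    def _flag(self, channel, module, features, reason):
        # Record the flagged event together with its feature set (claims 1, 3).
        self.flag_log.append({"channel": channel, "module": module,
                              "features": list(features), "reason": reason})
        self.recent.append(True)
        # Claim 3: decide on intrusion from the history of flagged events.
        if sum(self.recent) >= self.intrusion_after:
            return "intrusion"
        return "flagged"
```

A single out-of-range reading only produces a flagged event; the intrusion verdict depends on the recorded history, which is why the feature sets are logged with each flag.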
Patents cited by this patent (3)
Kani Hiroyuki,JPX ; Goto Masahiro,JPX ; Hayashi Ikuo,JPX ; Tsuzuki Takeo,JPX, Intrusion detecting apparatus for a vehicle.
Fiechter, Claude-Nicolas; Goker, Mehmet H.; Grill, Daniel; Kaufmann, Rainer; Engelhardt, Thorsten; Bertsche, Achim, Method and system for condition monitoring of vehicles.