CPC H04L 63/1416 (2013.01) [G05B 23/0243 (2013.01); G05B 23/0251 (2013.01); G05B 23/0283 (2013.01); G06F 11/261 (2013.01); G06F 21/55 (2013.01); G06N 5/04 (2013.01); G06N 20/00 (2019.01); H04L 63/1425 (2013.01); H04L 63/1433 (2013.01); H04L 63/1441 (2013.01)] | 7 Claims |
1. A method for intrusion detection in a vehicle comprising:
detecting cyber attacks upon an equipment failures in the vehicle as anomalies;
passing the anomalies to an integrated vehicle health maintenance management (IVHM) hardware module, the IVHM hardware module residing in the vehicle;
at the IVHM hardware module, determining whether any patterns of the anomalies match patterns related to known equipment failures and removing such anomalies and generating maintenance plans for the known equipment failures when any patterns of anomalies match patterns related to the known equipment failures;
passing any anomalies having unrecognized patterns from the IVHM hardware module to a security operations center (SOC) remote from the vehicle;
investigating by the SOC the anomalies having unrecognized patterns to identify either a cyber attack or a new equipment failure pattern; and
when a new equipment failure pattern is identified, sending from the SOC information to the IVHM hardware module to add to a list of known equipment failures and associated anomaly patterns.
|