US 12,235,953 B2
Attack analyzer, attack analysis method and attack analysis program
Keigo Nagara, Kariya (JP); Taiji Abe, Kariya (JP); and Reiichiro Imoto, Kariya (JP)
Assigned to DENSO CORPORATION, Kariya (JP)
Filed by DENSO CORPORATION, Kariya (JP)
Filed on Mar. 14, 2022, as Appl. No. 17/693,469.
Claims priority of application No. 2021-056122 (JP), filed on Mar. 29, 2021.
Prior Publication US 2022/0309153 A1, Sep. 29, 2022
Int. Cl. G06F 21/55 (2013.01)
CPC G06F 21/552 (2013.01) [G06F 2221/034 (2013.01)] 18 Claims
OG exemplary drawing
 
1. An attack analyzer comprising a processor coupled to a memory configured to execute:
a common log acquisition unit acquiring a common security log from a common security log generation unit, the common security log including:
(a) abnormality information indicating an abnormality detected by an electronic control system, and
(b) a common abnormality position indicating an abnormality position of the abnormality converted to be common among the electronic control system and other electronic control systems;
an attack/abnormality relationship table storage unit storing an attack/abnormality relationship table indicating a relationship among:
(c) an attack type of an attack on the electronic control system,
(d) predicted abnormality information indicating a predicted abnormality predicted to occur when the electronic control system is attacked, and
(e) a common predicted abnormality position indicating a predicted abnormality position of the predicted abnormality converted to be common among the electronic control system and the other electronic control systems;
an estimation unit estimating the attack type of the attack received by the electronic control system from a combination of (A) the predicted abnormality information corresponding to a combination of (a) the abnormality information and (b) the common abnormality position, and (B) the common predicted abnormality position; and
an output unit outputting attack information including the attack type, wherein
the common security log generation unit includes
an individual log acquisition unit acquiring an individual security log including the abnormality information and the abnormality position,
a positional relationship table storage unit storing a positional relationship table, which shows a relationship between (a) an individual position, which is a position in the electronic control system, and (b) a common position, which is a position of the individual position converted to be common between the electronic control system and the other electronic control systems, and
a commonality converter unit converting the abnormality position to the common abnormality position using the positional relationship table.