CPC H04L 63/1425 (2013.01) | 14 Claims
1. An attack monitoring center apparatus, comprising:
a receiver unit configured to receive an event log transmitted from an attack monitoring terminal apparatus via a communication network;
a storage configured to store an event log occurrence pattern database that describes event log occurrence patterns including a first pattern and a second pattern, which are expected when receiving cyber attacks,
the first pattern being referred to in response to an abnormality being detected in the attack monitoring center apparatus,
the second pattern being referred to in response to an abnormality being detected in the attack monitoring terminal apparatus;
an event log analyzer unit configured to detect an abnormality based on the event log and the first pattern; and
a transmitter unit configured to transmit the second pattern to the attack monitoring terminal apparatus in response to the abnormality being detected by the event log analyzer unit;
wherein the attack monitoring terminal apparatus is installed inside a vehicle and the attack monitoring center apparatus is installed outside of the vehicle;
wherein the first pattern is assigned a first event indicating a precursory behavior of a cyber attack and the second pattern is assigned a second event indicating a main attack behavior of the cyber attack;
wherein the transmitter unit is configured to transmit only the second pattern for detecting the main attack behavior;
wherein the attack monitoring apparatus is configured to detect an abnormality only in the main attack behavior of the cyber attack on a vehicle side; and
wherein an amount of resources required to detect the abnormality using the first pattern is greater than an amount of resources required to detect the abnormality using the second pattern.
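
The division of work in claim 1, as an added Python example (not code from the patent): the center runs the costlier ordered-sequence-in-window match for the first (precursor) pattern and, on a hit, transmits only the second pattern, which the in-vehicle terminal checks with a single lookup per event. The pattern format, event names, pattern IDs and class names are all assumptions made for illustration.

```python
from collections import namedtuple
# Hypothetical pattern shape: ordered event types plus a time window in seconds.
Pattern = namedtuple("Pattern", "pattern_id events window_s")
# Constructed pattern database; every event name and ID here is made up.
PATTERN_DB = {
    "diag-probing": {
        "first": Pattern("P1", ("diag_denied", "diag_denied", "unknown_can_id"), 60.0),
        "second": Pattern("P2", ("unauth_ecu_write",), 0.0),
    },
}

def center_match(log, p):
    """Center side: ordered subsequence of p.events within p.window_s (costlier)."""
    for i, (t0, ev) in enumerate(log):
        if ev != p.events[0]:
            continue
        need = 1  # index of the next event type still required
        for t, e in log[i + 1:]:
            if t - t0 > p.window_s:
                break
            if need < len(p.events) and e == p.events[need]:
                need += 1
        if need == len(p.events):
            return True
    return False

class Terminal:
    """In-vehicle side: holds only the second patterns the center has sent."""
    def __init__(self):
        self.watch = {}  # event type -> pattern_id

    def receive_pattern(self, p):
        self.watch[p.events[0]] = p.pattern_id

    def on_event(self, ev):
        """Cheap check: one dictionary lookup per local event."""
        return self.watch.get(ev)

class Center:
    """Outside the vehicle: receives logs, analyzes them, transmits patterns."""
    def __init__(self, db, terminal):
        self.db, self.terminal, self.log = db, terminal, []

    def receive(self, ts, ev):
        self.log.append((ts, ev))
        sent = []
        for entry in self.db.values():
            if center_match(self.log, entry["first"]):
                self.terminal.receive_pattern(entry["second"])  # second pattern only
                sent.append(entry["second"].pattern_id)
        return sent
```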