| CPC H04L 63/1425 (2013.01) [H04L 63/029 (2013.01); H04L 63/1416 (2013.01); H04L 63/20 (2013.01)] | 14 Claims |

1. An electronic device connected to an in-vehicle network, for providing security to the in-vehicle network, the electronic device comprising:
at least one processor; and
a memory in which instructions are recorded, wherein the instructions, when executed by the at least one processor, cause the at least one processor to implement:
a message queue module configured to store network messages collected from the in-vehicle network in a message queue;
a storage configured to store a rule set used in a plurality of detection techniques; and
a rule engine configured to update the rule set stored in the storage with a new rule set downloaded from a backend server on an external network, and sequentially apply the plurality of detection techniques to a collected network message so as to determine whether the collected network message is a security threat message, the plurality of detection techniques including a static detection technique, a misuse detection technique, and an anomaly detection technique, and
wherein the rule engine is further configured to:
apply to the collected network message the static detection technique, the misuse detection technique, and the anomaly detection technique in an order as recited; and
bypass a subsequent application of remaining detection techniques to the collected network message in response to any one of the plurality of detection techniques determining the collected network message as a security threat message, thereby minimize the execution of the anomaly detection technique that is relatively time-consuming, requires relatively high computational power and causes false positive problems relatively frequently compared to the static detection technique and the misuse detection technique.
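The ordered, short-circuiting evaluation recited in claim 1, sketched as an added example that is not taken from the patent. The claim does not define the individual checks, so the frame layout, the rule-set keys (`dlc`, `signatures`, `min_gap`) and the three check bodies are assumptions chosen for illustration, and `update_rules` stands in for the download from the backend server.

```python
from collections import deque
from dataclasses import dataclass

@dataclass
class Msg:                      # constructed CAN-style frame (assumed layout)
    ts: float                   # receive time in seconds
    can_id: int
    data: bytes

class RuleEngine:
    def __init__(self, rule_set):
        self.rules = rule_set
        self.last_seen = {}     # can_id -> previous timestamp (anomaly-stage state)
        self.anomaly_runs = 0   # how often the expensive stage actually executed

    def update_rules(self, new_rule_set):   # stand-in for the backend download
        self.rules = new_rule_set

    def static_check(self, m):  # assumed: unknown ID or wrong payload length
        return self.rules["dlc"].get(m.can_id) != len(m.data)

    def misuse_check(self, m):  # assumed: known-bad payload prefixes per ID
        sigs = self.rules["signatures"].get(m.can_id, ())
        return any(m.data.startswith(s) for s in sigs)

    def anomaly_check(self, m):  # assumed: inter-arrival time below a per-ID floor
        self.anomaly_runs += 1
        prev, self.last_seen[m.can_id] = self.last_seen.get(m.can_id), m.ts
        return prev is not None and m.ts - prev < self.rules["min_gap"].get(m.can_id, 0.0)

    def classify(self, m):
        """Apply static, misuse, anomaly in that order; stop at the first hit."""
        for name, check in (("static", self.static_check),
                            ("misuse", self.misuse_check),
                            ("anomaly", self.anomaly_check)):
            if check(m):
                return name     # remaining techniques are bypassed
        return None

def drain(queue, engine):
    """Pop every queued message and return its verdict, in arrival order."""
    verdicts = []
    while queue:
        verdicts.append(engine.classify(queue.popleft()))
    return verdicts

# Constructed rule sets: V2 adds one misuse signature, as a downloaded update would.
RULES_V1 = {"dlc": {0x100: 8, 0x200: 2}, "signatures": {}, "min_gap": {0x100: 0.009}}
RULES_V2 = {**RULES_V1, "signatures": {0x200: (b"\xff\xff",)}}
```

The `anomaly_runs` counter makes the effect of the bypass measurable: frames caught by the static or misuse stage never reach the anomaly stage.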