| CPC G06F 21/552 (2013.01) [B60W 40/09 (2013.01); B60W 40/12 (2013.01); G06F 21/14 (2013.01); G06F 21/55 (2013.01); H04L 63/1425 (2013.01); H04W 4/48 (2018.02)] | 12 Claims |
|
1. A vehicle surveillance device that conducts surveillance of an in-vehicle network system including one or more electronic control units, the vehicle surveillance device comprising:
a frame receiver that receives a frame flowing over the in-vehicle network system; and
a score calculator that:
detects a suspicious behavior different from a normal driving behavior based on the frame received by the frame receiver and vehicle data including information on one or more frames received by the frame receiver prior to receiving the frame; and
calculates, based on a detection result, a score indicating a likelihood that reverse engineering has been performed on a vehicle provided with the in-vehicle network system, wherein
the reverse engineering includes an activity performed by an attacker in a stage of investigating the in-vehicle network system, before gaining unauthorized control of the vehicle,
the suspicious behavior detected is classified into a stage among a plurality of stages in the reverse engineering,
the score calculator calculates the score for each of the plurality of stages,
the plurality of stages includes at least two stages selected among a passive monitoring, an active monitoring, an injection, and a refinement,
the passive monitoring is a stage that attempts to acquire the vehicle data,
the active monitoring is a stage that attempts to acquire the vehicle data under a specific circumstance or while a specific function of the vehicle is in operation,
the injection is a stage that attempts to inject a frame into the in-vehicle network system, and
the refinement is a stage that attempts to inject a frame that improves an accuracy of another frame to be injected into the in-vehicle network system.
|