| CPC H04L 63/1491 (2013.01) [H04L 67/12 (2013.01)] | 4 Claims |
|
1. An attack detection system comprising a first device and a second device, wherein
the first device having a first controller configured to execute:
monitoring communication to a first vehicle connected to a network, and
when it is detected that an attack on the first vehicle is being carried out from an attack source device, transmitting a first command for activating a honeypot server simulating a vehicle system of the first vehicle to the second device and transmitting a second command for transferring packets related to the attack, the packets being transmitted from the attacking device to the first vehicle, to the second device to a communication device that relays communication to the first vehicle in the network, and
the second device having the second controller configured to execute:
processing, by the honeypot server, the packets related to the attack, the packets being transmitted from the attack source device to the first vehicle and transferred to the second device by the communication device, wherein:
the first command further includes position information of the first vehicle, traveling direction of the first vehicle or speed of the first vehicle as first information about a running of the first vehicle, and
the second device, as a process related to the attack, causes the honeypot server to simulate the running of the first vehicle based on the first information and transmits packets related to a simulation of the running of the first vehicle as a response to the attack.
|