| CPC G06F 21/552 (2013.01) [G06F 2221/034 (2013.01)] | 15 Claims |
|
1. A center device comprising:
a receiver unit that receives a log that vehicle-mounted equipment mounted in a vehicle transmits based on an external transmission rule defining the log to be transmitted to outside of the vehicle;
a log analyzer unit that analyzes the log to detect occurrence of a cyber attack;
an external transmission rule update determiner unit that, upon the log analyzer unit detecting the cyber attack, determines update of the external transmission rule based on a result of the detecting; and
a transmitter unit that transmits an external transmission rule update instruction to the vehicle-mounted equipment upon determining the update of the external transmission rule;
wherein:
the vehicle-mounted equipment includes constituent elements that are defined in layers, respectively;
the constituent elements of the vehicle-mounted equipment include a communication electronic control unit (ECU) that is a contact point with the outside of the vehicle;
a depth of each of the layers becomes deeper as a distance from the communication ECU increases;
as an attack depth of the cyber attack is deeper, the external transmission rule update determiner unit sets an external transmission target to the log that is generated in a deeper layer among the layers;
the constituent elements of the vehicle-mounted equipment additionally include an electronic control device, a security sensor, and an open system interconnection (OSI) model element;
the security sensor is a constituent element of the electronic control device, and the OSI model element is a constituent element of the security sensor;
the OSI model element includes a data link layer, a network layer, a transport layer, and an application layer that become deeper in a stated order;
the external transmission rule update determiner unit sets the external transmission target using different kinds of the constituent elements in accordance with the attack depth of the cyber attack;
the communication ECU belongs to a first layer of the layers;
the constituent elements of the vehicle-mounted equipment include, as the electronic control device, a central ECU connected to the communication ECU and belonging to a second layer of the layers;
the central ECU includes, as the security sensor, a security sensor for network monitoring and a security sensor for host monitoring that belongs to a layer deeper than the security sensor for network monitoring;
when the attack depth of the cyber attack to the communication ECU is deeper than a first level, the external transmission rule update determiner unit sets the external transmission target to all logs generated in the central ECU;
when the attack depth of the cyber attack to the communication ECU is shallower than a second level, the external transmission rule update determiner unit sets the external transmission target to logs generated in the data link layer, the network layer, and the transport layer included in the OSI model element in the security sensor for network monitoring;
when the attack depth of the cyber attack to the communication ECU is between the first level and the second level, the external transmission rule update determiner unit sets the external transmission target to all logs generated in the security sensor for network monitoring;
when the attack depth of the cyber attack to the communication ECU is deeper than the first level is a case where the there is a possibility that control in the communication ECU is already hacked;
when the attack depth of the cyber attack to the communication ECU is between the first level and the second level is a case where there is a possibility of intrusion into the communication ECU; and
when the attack depth of the cyber attack to the communication ECU is shallower than the second level is a case where unauthorized communication is observed in the communication ECU.
|