	US 12,139,169 B2
	System and method for detecting exploitation of a component connected to an in-vehicle network
Yaron Galula, Kadima (IL); and Nizzan Kruvi, Tel-Aviv (IL)
Assigned to Argus Cyber Security Ltd, Tel Aviv (IL)
Appl. No. 16/637,770
Filed by Argus Cyber Security Ltd, Tel Aviv (IL)
PCT Filed Aug. 9, 2018, PCT No. PCT/IL2018/050888 § 371(c)(1), (2) Date Feb. 10, 2020, PCT Pub. No. WO2019/030763, PCT Pub. Date Feb. 14, 2019.
Claims priority of provisional application 62/543,397, filed on Aug. 10, 2017.
Prior Publication US 2020/0216097 A1, Jul. 9, 2020
Int. Cl. B60W 60/00 (2020.01); G08G 1/00 (2006.01); H04W 12/00 (2021.01); H04W 12/50 (2021.01); H04W 12/67 (2021.01); H04L 9/06 (2006.01)

CPC B60W 60/00188 (2020.02) [G08G 1/20 (2013.01); H04W 12/009 (2019.01); H04W 12/50 (2021.01); H04W 12/67 (2021.01); H04L 9/0643 (2013.01)]

20 Claims

1. A security system comprising:

a security layer embedded in a component connected to an in-vehicle network and adapted to:

detect an occurrence of an event related to exploitation of the component based on a deviation from an expected behavior, wherein a deviation is detected based on identifying the occurrence of an unexpected sequence of events;

wherein the occurrence of an unexpected sequence of events is at least one of:

an execution of a sequence of programs,

a consecutive or repetitive executions of the same program,

a calling of a set of functions or APIs in a specific sequence or order, and

accessing a set of resources in a specific sequence or order; and

if a deviation is detected, then log the event.