CAN bus protection systems and methods

CAN bus signal format inference includes: extracting candidate signals from training CAN bus message traffic; defining one or more signals, each signal being a candidate signal that matches structural characteristics of a matching data type and each signal being assigned the matching data type; and...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Thornton, Douglas A, LoVerde, Ian, Wee, Colin
Format: Patent
Sprache:eng
Schlagworte:
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:CAN bus signal format inference includes: extracting candidate signals from training CAN bus message traffic; defining one or more signals, each signal being a candidate signal that matches structural characteristics of a matching data type and each signal being assigned the matching data type; and generating an inferred CAN bus protocol with which the defined one or more signals conform. Signals are extracted from CAN bus message traffic using the inferred CAN bus protocol, an anomaly in an extracted signal is detected, and an alert is generated indicating the detected anomaly. In another aspect, a transport protocol (TP) signal is extracted and analyzed to determine a fraction of the TP signal that matches opcodes of a machine language instruction set, and an anomaly is detected based at least in part on the determined fraction exceeding an opcode anomaly threshold.