Attack detection device, attack detection method, and non-transitory computer-readable recording medium

US10567400B2 · US · B2

Patent metadata
Publication number: US-10567400-B2
Application number: US-201715711605-A
Country: US
Kind code: B2
Filing date: Sep 21, 2017
Priority date: Sep 27, 2016
Publication date: Feb 18, 2020
Grant date: Feb 18, 2020

Abstract

Official abstract text for this publication.

An attack detection device executes a process that includes receiving a message periodically transmitted from a communication device in a network, calculating a reception range for receiving a message including identification information in a reference message selected from the received messages by using a transmission period of a message identified by the identification information, the message being transmitted two or more periods after the reference message, storing the reception range associated with an order of reception of a message predicted to be received in the reception range when the reference message is used as a reference, and determining that an attack on the network is detected when a reception time of the received message including the identification information is not within the reception range associated with the order of reception of the received message in a case where the reference message is used as a reference.
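The check described in the abstract, sketched for a single message ID as an added example (not code from the patent or its assignee). The early-arrival test and the order invalidation follow dependent claims 4 and 5 as quoted on this page; the margin, the number of precomputed ranges, and the re-anchoring after a late frame are assumptions of this example.

```python
# Added example: per-ID timing check with reception ranges indexed by order.
# Times are integer milliseconds; period, margin and horizon are assumed values.

class PeriodicIdDetector:
    def __init__(self, period_ms, margin_ms, horizon=5):
        self.period = period_ms
        self.margin = margin_ms      # assumed tolerance; the page gives no value
        self.horizon = horizon       # number of future orders to precompute
        self.ranges = {}             # order -> (start, end), relative to reference
        self.order = 0               # order of the next expected message

    def _set_reference(self, t_ref):
        # Ranges for messages 1..horizon periods after the reference, computed
        # from the reference reception time and the transmission period.
        self.ranges = {
            n: (t_ref + n * self.period - self.margin,
                t_ref + n * self.period + self.margin)
            for n in range(1, self.horizon + 1)
        }
        self.order = 1

    def observe(self, t):
        if not self.ranges:
            self._set_reference(t)
            return "reference"
        start, end = self.ranges[self.order]
        if t < start:
            # Earlier than the range for this order: flag it and invalidate
            # the order, so the next frame is checked against the same range.
            return "attack"
        if t > end:
            # Assumption of this example: flag, then re-anchor so the
            # detector does not stall on a range that has already passed.
            self._set_reference(t)
            return "attack"
        self.order += 1
        if self.order > self.horizon:
            self._set_reference(t)   # pick a new reference when ranges run out
        return "ok"

# Constructed trace for one ID, nominal period 100 ms. 150 and 250 are extra
# frames; 309 -> 398 is only 89 ms apart but each fits the range for its order.
TRACE_MS = [0, 101, 150, 199, 250, 309, 398]

def classify(trace, period_ms=100, margin_ms=10):
    det = PeriodicIdDetector(period_ms, margin_ms)
    return [det.observe(t) for t in trace]

if __name__ == "__main__":
    print(list(zip(TRACE_MS, classify(TRACE_MS))))
```

Because every range is anchored to the reference message rather than to the previous frame, jitter on one frame does not shift the window for the next.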

First claim

Opening claim text (preview).

What is claimed is:

1. An attack detection device comprising: a storage; a receiver configured to receive messages periodically transmitted from a communication device in a network; and a processor configured to execute a process including: calculating a plurality of reception ranges in which periodic messages are predicted to be received, the periodic messages each including identification information identical to that included in a reference message that is selected from the received messages and each being transmitted two or more periods after the reference message, the reception ranges each being calculated by using a transmission period of its corresponding periodic message identified by the identical identification information; storing, in the storage, the reception ranges and orders in association with each other, each of the orders being a predicted order of reception of its corresponding periodic message, the predicted order being predicted in reference to the reference message; and determining that an attack on the network is detected when a reception time of a certain message including the identification information does not belong to a reception range associated with the order of reception of the certain message among the reception ranges each associated, in the storage, with the order of reception of its corresponding periodic message in reference to the reference message.

2. The attack detection device according to claim 1, the process further comprising: calculating reception ranges of a plurality of messages transmitted two or more periods after the reference message by using a reception time of the reference message and the transmission period.

3. The attack detection device according to claim 1, the process further comprising: calculating a reception range of a second received message that is received after a prescribed number of messages from a first received message that is received after the reference message by using a reception time of the first received message and the transmission period; and associating the calculated reception range of the second received message with the order of reception of the second received message in a case where the reference message is used as a reference.

4. The attack detection device according to claim 1, the process further comprising: calculating a starting time of a reception range of each of messages transmitted two or more periods after the reference message; and determining that an attack on the network is detected when the reception time of the received message including the identification information is before the starting time of the reception range associated with the order of reception of the received message in a case where the reference message is used as a reference.

5. The attack detection device according to claim 1, the process further comprising: invalidating the order of reception of the received message when the reception time of the received message is not within the reception range associated with the order of reception.

6. An attack detection method executed by a processor, the attack detection method comprising: receiving messages periodically transmitted from a communication device in a network; calculating a plurality of reception ranges in which periodic messages are predicted to be received, the periodic messages each including identification information identical to that included in a reference message that is selected from the received messages and each being transmitted two or more periods after the reference message, the reception ranges each being calculated by using a transmission period of its corresponding periodic message identified by the identical identification information; storing the reception ranges and orders in association with each other, each of the orders being a predicted order of reception of its corresponding periodic message, the predicted order being predicted in reference to the reference message; and determining that an attack on the network is detected when a reception time of a certain message including the identification information does not belong to a reception range associated with the order of reception of the certain message among the reception ranges each associated with the order of reception of its corresponding periodic message in reference to the reference message.

7. The attack detection method according to claim 6, the method further comprising calculating reception ranges of a plurality of messages transmitted two or more periods after the reference message by using a reception time of the reference message and the transmission period.

8. The attack detection method according to claim 6, the method further comprising: calculating a reception range of a second received message that is received after a prescribed number of messages from a first received message that is received after the reference message by using a reception time of the first received message and the transmission period; and associating the calculated reception range of the second received message with the order of reception of the second received message in a case where the reference message is used as a reference.

9. The attack detection method according to claim 6, the method further comprising: calculating a starting time of a reception range of each of messages transmitted two or more periods after the reference message; and determining that an attack on the network is detected when the reception time of the received message including the identification information is before the starting time of the reception range associated with the order of reception of the received message in a case where the reference message is used as a reference.

10. The attack detection method according to claim 6, the method further comprising invalidating the order of reception of the received message when the reception time of the received message is not within the reception range associated with the order of reception.

11. A non-transitory computer-readable recording medium having stored therein an attack detection program that causes a computer to execute a process comprising: receiving messages periodically transmitted from a communication device in a network; calculating a plurality of reception ranges in which periodic messages are predicted to be received, the periodic messages each including identification information identical to that included in a reference message that is selected from the received messages and each being transmitted two or more periods after the reference message, the reception ranges each being calculated by using a transmission period of its corresponding periodic message identified by the identical identification information; storing the reception ranges and orders in association with each other, each of the orders being a predicted order of reception of its corresponding periodic message, the predicted order being predicted in reference to the reference message; and determining that an attack on the network is detected when a reception time of a certain message including the identification information does not belong to a reception range associated with the order of reception of the certain message among the reception ranges each associated with the order of reception of its corresponding periodic message in reference to the reference message.

12. The non-transitory computer-readable recording medium according to claim 11, the process further comprising calculating reception ranges of a plurality of messages transmitted two or more periods after the reference message by using a reception time of the reference message and the transmi

Classifications

  • Event detection, e.g. attack signature detection

  • Controller Area Network CAN

  • Bus networks

  • Traffic logging, e.g. anomaly detection

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Fujitsu Ltd
What technology area does this patent fall under?
Primary CPC classification H04L63/1416. Mapped technology areas include Electricity.
When was this patent published?
Publication date Feb 18, 2020 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).