Intrusion detection device, intrusion detection method, and computer readable medium

US11089033B2 · US · B2

Patent metadata
Publication number: US-11089033-B2
Application number: US-201616081397-A
Country: US
Kind code: B2
Filing date: Apr 26, 2016
Priority date: Apr 26, 2016
Publication date: Aug 10, 2021
Grant date: Aug 10, 2021

Abstract

A state detection section (105) detects states of a plurality of controllers (300, 400) included in a communication system (600). An attack determination section (103) selects, from among a plurality of whitelists (110) each of which is associated with a combination of states, a whitelist (110) associated with the combination of the states of the plurality of controllers (300, 400) detected by the state detection section (105). The attack determination section (103) detects an attack on the communication system (600) by using the selected whitelist (110).

First claim

The invention claimed is:

1. An intrusion detection device, comprising: a memory storing a respective predefined control state transition rule for each of the plurality of devices; and processing circuitry to: detect a current control state for each of a plurality of devices included in a communication system; determine, for each of the plurality of devices, whether the current control state detected for the device conforms to the respective predefined state transition rule stored for the device: determine a current system state corresponding to a combination of the current control states detected for the plurality of devices; determine whether the combination of the detected current control states of the plurality of devices corresponds to a predefined combination when the detected control state of each device is determined to conform to its respective predefined state transition rule; select, from among a plurality of whitelists each of which is associated with a combination of states, a whitelist associated with the current system state when the combination of the detected current control states is determined to correspond to the predefined combination; and detect an attack on the communication system by using the whitelist selected.

2. The intrusion detection device according to claim 1, wherein the processing circuitry causes a device involved in an attack on the communication system among the plurality of devices to perform a fail-safe operation when the attack on the communication system is detected.

3. The intrusion detection device according to claim 1, wherein the processing circuitry generates the plurality of whitelists, associating the plurality of whitelists with a plurality of combinations of control states, and selects, from among the plurality of whitelists generated, a whitelist associated with the combination of the detected control states of the plurality of devices.

4. An intrusion detection method, comprising: storing a respective predefined control state transition rule for each of a plurality of devices included in the communication system; detecting a current control state for each of the plurality of devices included in a communication system; determining, for each of the plurality of devices, whether the current control state detected for the device conforms to the respective predefined state transition rule stored for the device; determining a current system state corresponding to a combination of the current control states detected for the plurality of devices; determining whether the combination of the detected current control states of the plurality of devices corresponds to a predefined combination when the detected control state of each device is determined to conform to its respective predefined state transition rule; selecting, from among a plurality of whitelists each of which is associated with a combination of states, a whitelist associated with the current system state; when the combination of the detected current control states is determined to correspond to the predefined combination; and detecting an attack on the communication system by using the selected whitelist.

5. A non-transitory computer readable medium storing an intrusion detection program that causes a computer to execute: a process of storing a respective predefined control state transition rule for each of a plurality of devices included in the communication system; a state detection process of detecting a current control state for each of the plurality of devices included in a communication system; a process of determining, for each of the plurality of devices, whether the current control state detected for the device conforms to the respective predefined state transition rule stored for the device; a current system state determining process of determining a current system state corresponding to a combination of the current control states detected for the plurality of devices; a process of determining whether the combination of the detected current control states of the plurality of devices corresponds to a predefined combination when the detected control state of each device is determined to conform to its respective predefined state transition rule; a selection process of selecting, from among a plurality of whitelists each of which is associated with a combination of states, a whitelist associated with the current system state when the combination of the detected current control states is determined to correspond to the predefined combination; and an attack detection process of detecting an attack on the communication system by using the whitelist selected by the selection process.
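
The pipeline recited in claim 1 (per-device transition check, combination check, whitelist selection, whitelist match), sketched as an added example that is not code from the patent or its assignee. The device names reuse the abstract's reference numerals; every state name, rule, whitelist entry and packet tuple is constructed, and raising an alert when the transition or combination check fails is this example's assumption.

```python
# Added illustration of claim 1; all states, rules and packets are constructed.
TRANSITION_RULES = {  # per-device allowed (previous, current) control states
    "controller_300": {("stop", "run"), ("run", "stop"),
                       ("stop", "maintenance"), ("maintenance", "stop")},
    "controller_400": {("stop", "run"), ("run", "stop")},
}
# Predefined combinations of control states -> system state
SYSTEM_STATES = {
    ("stop", "stop"): "SS_idle",
    ("run", "run"): "SS_operating",
    ("maintenance", "stop"): "SS_maintenance",
}
# One whitelist per system state: allowed (source, destination, command)
WHITELISTS = {
    "SS_idle": {("hmi", "controller_300", "start"),
                ("hmi", "controller_400", "start")},
    "SS_operating": {("hmi", "controller_300", "read"),
                     ("controller_300", "controller_400", "setpoint")},
    "SS_maintenance": {("eng_ws", "controller_300", "program_download")},
}
DEVICES = tuple(TRANSITION_RULES)  # fixed order used to build combinations


class IntrusionDetector:
    def __init__(self, initial):
        self.states = dict(initial)  # last accepted control state per device

    def update_states(self, detected):
        """Return None if the detected states are acceptable, else a reason."""
        for dev in DEVICES:
            old, new = self.states[dev], detected[dev]
            if old != new and (old, new) not in TRANSITION_RULES[dev]:
                return f"illegal transition on {dev}: {old}->{new}"
        self.states = dict(detected)
        combo = tuple(detected[d] for d in DEVICES)
        if combo not in SYSTEM_STATES:
            return f"undefined state combination: {combo}"
        return None

    def check(self, detected, packet):
        """Classify one packet given the currently detected control states."""
        reason = self.update_states(detected)
        if reason:
            return ("attack", reason)
        system_state = SYSTEM_STATES[tuple(self.states[d] for d in DEVICES)]
        if packet not in WHITELISTS[system_state]:
            return ("attack", f"{packet} not whitelisted in {system_state}")
        return ("ok", system_state)
```

The same `program_download` packet is accepted in `SS_maintenance` and flagged in `SS_idle`, which is the point of keying the whitelist on the combined state rather than on one controller.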

Assignees

Inventors

Classifications

  • Stateful filtering · CPC title

  • Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002) · CPC title

  • Rule management · CPC title

  • Access control lists [ACL] · CPC title

  • G06F21/55 (Primary)

    Detecting local intrusion or implementing counter-measures · CPC title

Frequently asked questions

Who is the assignee on this patent?
Mitsubishi Electric Corp
What technology area does this patent fall under?
Primary CPC classification H04L63/0254. Mapped technology areas include Electricity.
When was this patent published?
Publication date Aug 10, 2021 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 4 related publications on this page (citations in our corpus or others sharing the same primary CPC).