Ethernet network-profiling intrusion detection control logic and architectures for in-vehicle controllers
US-2021075800-A1 · Mar 11, 2021 · US
US11228605B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11228605-B2 |
| Application number | US-201916424889-A |
| Country | US |
| Kind code | B2 |
| Filing date | May 29, 2019 |
| Priority date | Jun 13, 2018 |
| Publication date | Jan 18, 2022 |
| Grant date | Jan 18, 2022 |
Official abstract text for this publication.
A device and method for handling an anomaly in a communication network of a motor vehicle includes at least one detector analyzing a data stream in the communication network, recognizing at least one anomaly using a rule-based anomaly recognition method if at least one parameter for a data packet of the data stream deviates from a target value, and sending information about the at least one recognized anomaly via the communication network.
Opening claim text (preview).
What is claimed is:
1. A method for handling an anomaly in a communication network, the method comprising: performing, by each of a plurality of detectors, a rule-based anomaly recognition to: identify a deviation of at least one parameter of a data packet of a data stream in the communication network from a target value; and based on the identified deviation, recognize presence of at least one anomaly; and the plurality of detectors sending information about the recognized at least one anomaly via the communication network; aggregating, by at least one aggregator, the information about the recognized at least one anomaly sent from the plurality of detectors; sending, to at least one actuator by the at least one aggregator via the communication network, the aggregated information about the recognized at least one anomaly; and initiating, by the at least one actuator, at least one countermeasure for handling the recognized at least one anomaly, based on the aggregated information about the recognized at least one anomaly sent from the aggregator via the communication network; wherein the plurality of detectors are situated at different devices in the communication network; wherein the communication network, the plurality of detectors, the at least one aggregator, and the at least one actuator are situated in a motor vehicle wherein the at least one countermeasure includes: (i) modifying or rejecting at least one Ethernet packet, and/or (ii) blocking a port, and/or (iii) excluding a network participant.
2. The method of claim 1, wherein at least two of the plurality of detectors are in a same subnetwork of the communication network.
3. The method of claim 1, wherein the at least one actuator includes at least two actuators situated at different devices in the communication network.
4. The method of claim 1, wherein the at least one actuator includes at least two actuators, which are situated at different devices that are in different subnetworks of the communication network.
5. The method of claim 1, further comprising: at least two aggregators situated at different devices in the communication network aggregating information about recognized anomalies; and another aggregator aggregating the aggregated information of at least two aggregators.
6. The method of claim 1, further comprising an interface at least one of (a) communicating recognized anomalies to a backend and (b) receiving instructions from a backend.
7. The method of claim 1, wherein the data stream is between control devices within at least one subnetwork of the communication network.
8. The method of claim 1, wherein the data stream is between control devices of different subnetworks of the communication network that are connected to one another via a gateway or control device.
9. The method of claim 1, wherein a detector of the plurality of detectors is distributed over a plurality of control devices in the communication network.
10. The method of claim 1, further comprising an actuator of the at least one actuator sending instructions about at least one countermeasure to a plurality of other actuators via the communication network.
11. The method as recited in claim 1, wherein an aggregator of the at least one aggregator is distributed over a plurality of control devices in the communication network.
12. The method as recited in claim 1, wherein at least one of the plurality of detectors is situated in a gateway.
13. A non-transitory computer-readable medium on which are stored instructions that are executable by a processor and that, when executed by the processor, cause the processor to perform a method for handling an anomaly in a communication network, the method comprising: performing, by each of a plurality of detectors, a rule-based anomaly recognition to: identify a deviation of at least one parameter of a data packet of a data stream in the communication network from a target value; and based on the identified deviation, recognize presence of at least one anomaly; and the plurality of detectors sending information about the recognized at least one anomaly via the communication network; aggregating, by at least one aggregator, the information about the recognized at least one anomaly sent from the plurality of detectors; sending, to at least one actuator by the at least one aggregator via the communication network, the aggregated information about the recognized at least one anomaly; and initiating, by the at least one actuator, at least one countermeasure for handling the recognized at least one anomaly, based on the aggregated information about the recognized at least one anomaly sent from the aggregator via the communication network; wherein the plurality of detectors are situated at different devices in the communication network; wherein the communication network, the plurality of detectors, the at least one aggregator, and the at least one actuator are situated in a motor vehicle wherein the at least one countermeasure includes: (i) modifying or rejecting at least one Ethernet packet, and/or (ii) blocking a port, and/or (iii) excluding a network participant.
14. A device for handling an anomaly in a communication network, the device comprising: a plurality of detectors, each of the plurality of detectors configured to: perform a rule-based anomaly recognition to: identify a deviation of at least one parameter of a data packet of a data stream in the communication network from a target value; and based on the identified deviation, recognize presence of at least one anomaly; and send information about the recognized at least one anomaly via the communication network; at least one aggregator configured to: aggregate the information about the recognized at least one anomaly sent from the plurality of detectors; and send, to at least one actuator by the at least one aggregator via the communication network, the aggregated information about the recognized at least one anomaly; and the at least one actuator, wherein the at least one actuator is configured to initiate at least one countermeasure for handling the recognized at least one anomaly, based on the aggregated information about the recognized at least one anomaly sent from the aggregator via the communication network; wherein the plurality of detectors are situated at different devices in the communication network; and wherein the communication network, the plurality of detectors, the at least one aggregator, and the at least one actuator are situated in a motor vehicle; wherein the at least one countermeasure includes: (i) modifying or rejecting at least one Ethernet packet, and/or (ii) blocking a port, and/or (iii) excluding a network participant.
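A small simulation of the detector, aggregator and actuator chain recited in claim 1, added here as an illustration and not taken from the patent. The target values, frame fields, device names (`switch1`, `gateway`) and the policy for choosing among the three claimed countermeasures are all constructed assumptions.

```python
from collections import defaultdict

# Constructed target values per source MAC (names and thresholds are assumptions).
TARGETS = {
    "02:00:00:00:00:10": {"vlan": 10, "ethertype": 0x0800, "max_len": 256},
    "02:00:00:00:00:20": {"vlan": 20, "ethertype": 0x22F0, "max_len": 512},
}

def detect(detector, frame):
    """Rule-based check: one report per parameter that deviates from its target."""
    target = TARGETS.get(frame["src"])
    if target is None:
        deviations = ["unknown_src"]
    else:
        deviations = [p for p in ("vlan", "ethertype") if frame[p] != target[p]]
        if frame["len"] > target["max_len"]:
            deviations.append("len")
    return [{"detector": detector, "src": frame["src"],
             "port": frame["port"], "param": p} for p in deviations]

def aggregate(reports):
    """Merge reports from all detectors, grouped by offending source."""
    agg = defaultdict(lambda: {"detectors": set(), "params": set(), "ports": set()})
    for r in reports:
        entry = agg[r["src"]]
        entry["detectors"].add(r["detector"])
        entry["params"].add(r["param"])
        entry["ports"].add(r["port"])
    return dict(agg)

def actuate(agg):
    """Choose a countermeasure per source (assumed policy, escalating by evidence)."""
    actions = {}
    for src, e in agg.items():
        if "unknown_src" in e["params"]:
            actions[src] = ("exclude_participant", src)
        elif len(e["detectors"]) >= 2:       # confirmed at two different devices
            actions[src] = ("block_port", sorted(e["ports"]))
        else:
            actions[src] = ("reject_packet", sorted(e["params"]))
    return actions

# Constructed frames: (device hosting the detector, observed frame parameters).
FRAMES = [
    ("switch1", {"src": "02:00:00:00:00:10", "vlan": 10, "ethertype": 0x0800, "len": 128, "port": 1}),
    ("switch1", {"src": "02:00:00:00:00:10", "vlan": 20, "ethertype": 0x0800, "len": 128, "port": 1}),
    ("gateway", {"src": "02:00:00:00:00:10", "vlan": 20, "ethertype": 0x0800, "len": 128, "port": 3}),
    ("switch1", {"src": "02:00:00:00:00:20", "vlan": 20, "ethertype": 0x22F0, "len": 900, "port": 2}),
    ("gateway", {"src": "02:00:00:00:00:99", "vlan": 10, "ethertype": 0x0800, "len": 64, "port": 4}),
]

def run(frames):
    return actuate(aggregate([r for det, f in frames for r in detect(det, f)]))
```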
Traffic logging, e.g. anomaly detection · CPC title
Event detection, e.g. attack signature detection · CPC title
specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks · CPC title
Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters · CPC title