System and method for identifying compromised electronic controller using intentionally induced error
US-2022035916-A1 · Feb 3, 2022 · US
US12184668B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12184668-B2 |
| Application number | US-202117356033-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jun 23, 2021 |
| Priority date | Jun 23, 2021 |
| Publication date | Dec 31, 2024 |
| Grant date | Dec 31, 2024 |
Official abstract text for this publication.
Systems, apparatuses, and methods to identify bus-off and masquerade attacks against electronic control units (ECUs) transmitting on a communication bus from behind a gateway coupled to the communication bus are described. The disclosure further describes systems, apparatuses, and methods to mitigate against bus-off attacks made against an ECU coupled to a communication bus through a gateway. Other embodiments are described and claimed.
Opening claim text (preview).
What is claimed is:

1. A computing apparatus comprising: a processor; and memory storing instructions, which when executed by the processor configure the apparatus to: identify a first plurality of messages transmitted on a communication bus; determine whether the first plurality of messages have the same transmission frequency as a plurality of target messages, the plurality of target messages transmitted onto the communication bus by a target electronic control unit (ECU); determine whether the first plurality of messages are transmitted within a threshold time from the plurality of target messages; flag the first plurality of messages as messages associated with a bus-off attack by a first ECU against the target ECU based on a determination that the first plurality of messages have the same transmission frequency as the plurality of target messages and based on a determination that the first plurality of messages are transmitted within the threshold time from the plurality of target messages; identify the first ECU as a malicious actor that injected the first plurality of messages onto the communication bus to cause the bus-off attack against the target ECU; and cause, based on the transmission frequency, a plurality of bus-off messages to be transmitted on the communication bus to counter the bus-off attack to force the first ECU off the communication bus.

2. The computing apparatus of claim 1, the instructions when executed by the processor configure the apparatus to flag the first ECU as a malicious ECU based on determination that the first plurality of messages have the same transmission frequency as the plurality of target messages and based on a determination that the first plurality of messages are transmitted within the threshold time from the plurality of target messages, the first ECU associated with the first plurality of messages.

3. The computing apparatus of claim 2, the instructions when executed by the processor configure the apparatus to: identify a transmission frequency of messages transmitted by the first ECU; and initiate a bus-off campaign against the first ECU.

4. The computing apparatus of claim 3, the instructions when executed by the processor configure the apparatus to: generate the plurality of bus-off messages; cause, based on the transmission frequency, the plurality of bus-off messages to be transmitted onto the communication bus to collide with messages transmitted onto the communication bus by the first ECU.

5. The computing apparatus of claim 1, the instructions when executed by the processor configure the apparatus to randomize a frequency at which messages are caused to be transmitted onto the communication bus by the target ECU.

6. The computing apparatus of claim 1, the instructions when executed by the processor configure the apparatus to: generate the plurality of target messages; and cause the plurality of target messages to be transmitted onto the communication bus by the target ECU.

7. The computing apparatus of claim 6, the instructions when executed by the processor configure the apparatus to: generate a plurality of additional messages, the plurality of additional messages having a different message identifier than the plurality of target messages; and cause the plurality of additional messages to be transmitted onto the communication bus.

8. The computing apparatus of claim 1, wherein the communication bus is an in-vehicle (IVN) network, the processor coupled to the IVN via a gateway.

9. A method, comprising: identifying a first plurality of messages transmitted on a communication bus; determining whether the first plurality of messages have the same transmission frequency as a plurality of target messages, the plurality of target messages transmitted onto the communication bus by a target electronic control unit (ECU); determining whether the first plurality of messages are transmitted within a threshold time from the plurality of target messages; flagging the first plurality of messages as messages associated with a bus-off attack by a first ECU against the target ECU based on a determination that the first plurality of messages have the same transmission frequency as the plurality of target messages and based on a determination that the first plurality of messages are transmitted within the threshold time from the plurality of target messages; identifying the first ECU as a malicious actor that injected the first plurality of messages onto the communication bus to cause the bus-off attack against the target ECU; and causing, based on the transmission frequency, a plurality of bus-off messages to be transmitted on the communication bus to counter the bus-off attack to force the first ECU off the communication bus.

10. The method of claim 9, comprising flagging the first ECU as a malicious ECU based on determination that the first plurality of messages have the same transmission frequency as the plurality of target messages and based on a determination that the first plurality of messages are transmitted within the threshold time from the plurality of target messages, the first ECU associated with the first plurality of messages.

11. The method of claim 10, comprising: identifying a transmission frequency of messages transmitted by the first ECU; and initiating a bus-off campaign against the first ECU.

12. The method of claim 11, comprising: generating the plurality of bus-off messages; causing, based on the transmission frequency, the plurality of bus-off messages to be transmitted onto the communication bus to collide with messages transmitted onto the communication bus by the first ECU.

13. The method of claim 9, comprising randomizing a frequency at which messages are caused to be transmitted onto the communication bus by the target ECU.

14. The method of claim 9, comprising: generating the plurality of target messages; and causing the plurality of target messages to be transmitted onto the communication bus by the target ECU.

15. The method of claim 14, comprising: generating a plurality of additional messages, the plurality of additional messages having a different message identifier than the plurality of target messages; and causing the plurality of additional messages to be transmitted onto the communication bus.

16. The method of claim 9, wherein the communication bus is an in-vehicle (IVN) network, the target ECU coupled to the IVN via a gateway.

17. A non-transitory computer-readable storage medium, the computer-readable storage medium including instructions that when executed by a computer, cause the computer to: identify a first plurality of messages transmitted on a communication bus; determine whether the first plurality of messages have the same transmission frequency as a plurality of target messages, the plurality of target messages transmitted onto the communication bus by a target electronic control unit (ECU); determine whether the first plurality of messages are transmitted within a threshold time from the plurality of target messages; flag the first plurality of messages as messages associated with a bus-off attack by a first ECU against the target ECU based on a determination that the first plurality of messages have the same transmission frequency as the plurality of target messages and based on a determination that the first plurality of messages are transmitted within the threshold time from the plurality of target messages; identify the first ECU as a malicious actor that injected the first plurality of messages onto the communication bu
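The two detection conditions recited in claims 1, 9 and 17 (same transmission frequency as the target messages, and transmission within a threshold time of them) can be sketched as a monitor-side check; this is an added example, not code from the patent. The stream labels, the tolerance and threshold values, the function names and the sample log are all assumptions made for illustration, and how a message is attributed to a stream is not specified on this page.

```python
from bisect import bisect_left
from statistics import median

def period(ts):
    """Median inter-arrival time of a sorted timestamp list (microseconds)."""
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    return median(gaps) if gaps else None

def nearest_gap(t, sorted_ts):
    """Distance from t to the closest timestamp in sorted_ts."""
    i = bisect_left(sorted_ts, t)
    return min(abs(t - c) for c in sorted_ts[max(i - 1, 0):i + 1])

def flag_bus_off_streams(log, target, threshold_us=1000, period_tol=0.05,
                         min_msgs=5, min_aligned=0.9):
    """Return stream labels that meet both conditions against `target`.

    log: iterable of (timestamp_us, stream_label). All numeric defaults are
    assumed values; the page gives no concrete thresholds.
    """
    streams = {}
    for ts, label in sorted(log):
        streams.setdefault(label, []).append(ts)
    target_ts = streams.get(target, [])
    target_period = period(target_ts)
    if target_period is None:          # fewer than two target messages seen
        return []
    flagged = []
    for label, ts in streams.items():
        if label == target or len(ts) < min_msgs:
            continue
        # Condition 1: same transmission frequency as the target messages.
        same_freq = abs(period(ts) - target_period) <= period_tol * target_period
        # Condition 2: transmitted within the threshold time of target messages.
        aligned = sum(nearest_gap(t, target_ts) <= threshold_us for t in ts) / len(ts)
        if same_freq and aligned >= min_aligned:
            flagged.append(label)
    return flagged

# Constructed sample log (not captured traffic): a 10 ms target stream and
# three other streams with different timing relationships to it.
TARGET_TIMES = list(range(0, 200_000, 10_000))
SAMPLE_LOG = (
    [(t, "target") for t in TARGET_TIMES]
    + [(t + 200, "stream_a") for t in TARGET_TIMES]      # same period, 0.2 ms away
    + [(t + 5_000, "stream_b") for t in TARGET_TIMES]    # same period, 5 ms away
    + [(t, "stream_c") for t in range(300, 200_000, 25_000)]  # different period
)

if __name__ == "__main__":
    print(flag_bus_off_streams(SAMPLE_LOG, "target"))
```

Only the stream that satisfies both conditions is flagged; a stream with a matching period but a large offset, or a nearby stream with a different period, is not.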
Bus networks · CPC title
Controller Area Network CAN · CPC title
the transportation system being a vehicle · CPC title
Arrangements for connecting between networks having differing types of switching systems, e.g. gateways · CPC title
service impersonation, e.g. phishing, pharming or web spoofing (detection of rogue wireless access points H04W12/12) · CPC title