Method of updating fraud detection rules for detecting malicious frames, fraud detecting electronic control unit, and on-board network system

What is claimed is: 1 . A method used in an on-board network system provided with a plurality of electronic controllers that exchange messages by communication over one or more networks, and a fraud detecting electronic controller connected to the one or more networks, the method comprising: receiving an inquiry for a vehicle status indicating whether or not a vehicle in which the fraud detecting electronic controller is installed is running from an external device, transmitting the vehicle status to the external device, determining, in the fraud detecting electronic controller, whether or not a message transmitted on the one or more networks connected to the fraud detecting electronic controller conforms to the rules based on fraud detection rules; receiving, from the external device external to the on-board network system, the delivery data including updated fraud detection rules and network type information indicating one of a plurality of network types to which the updated fraud detection rules are to be applied: determining whether or not the vehicle is running; when the vehicle is determined to be running, additionally determining whether or not the network type information indicates a drive network that is connected to an electronic controller related to travel of the vehicle, (i) when the network type information indicates the drive network, not conducting an update process with the updated fraud detection rules; and (ii) when the network type information does not indicate the drive network, updating the fraud detection rules to the updated fraud detection rules. 2 . The method according to claim 1 , wherein when the network type connected to the fraud detecting electronic controller is indicated by the network type information, the fraud detecting electronic controller treats a certain update condition as satisfied, and performs the update. 3 . The method according to claim 1 , wherein the delivery data includes a plurality of updated fraud detection rules and network type information indicating a network type corresponding to each of the plurality of updated fraud detection rules, and the fraud detecting electronic controller conducts the receiving of the delivery data by communicating with the external device, extracts from the delivers’ data updated fraud detection rules corresponding to network type information matching the network type connected to the fraud detecting electronic controller, and updates the fraud detection rules associated with the determination to the extracted updated fraud detection rules. 4 . The method according to claim 1 , wherein the delivery data includes a plurality of updated fraud detection rules and network type information indicating network type corresponding to each of tire plurality of updated fraud detection rules, one of the electronic controllers conducts the receiving of the delivery data, includes each of the updated fraud detection rules from the delivery data in a message with an attached message ID for updating fraud detection rules according to the network type indicated by the corresponding network type information, and transmits the message over the one or more networks, and the fraud detecting electronic controller receives, from the one or more networks, the message with the message ID for updating fraud detection rules according to the network type connected to the fraud detecting electronic controller, and updates the fraud detection rules associated with the determination to the updated fraud detection rules included in the message. 5 . The method according to claim 1 , wherein the delivery data includes associated information, a certain update condition is a condition related to the associated information, and the updating of the fraud detection rules is conducted when the associated information in the received delivery data satisfies the certain update condition, and is not conducted when the associated information does not satisfy the certain update condition. 6 . The method according to claim 5 , wherein whether or not the certain update condition is satisfied is determined according to a result of comparing the associated information to information stored by the electronic controller or the fraud detecting electronic controller. 7 . The method according to claim 6 . wherein the associated information indicates a version of the updated fraud detection rules, and when the associated information indicates a version newer than the version of the fraud detection rules serving as a basis of the determination, the fraud detecting electronic controller treats the certain update condition as satisfied, and conducts the update. 8 . The method according to claim 5 , wherein the associated information indicates a vehicle type to which the updated fraud detection rules are to be applied, and when the associated information indicates a vehicle type corresponding to a vehicle in which the on-board network system is installed, the certain update condition is treated as satisfied, and the update is conducted. 9 . The method according to claim 1 , wherein the fraud detection rules and the updated fraud detection rules are configured to include a program for determining conformity to the rules. 10 . The method according to claim 1 , wherein the delivery data has been subjected to a cryptographic process, and during the receiving of the delivery data, a process corresponding to the cryptographic process is performed. 11 . The method according to claim 1 , wherein the plurality of electronic controllers communicate over the one or more networks in accordance with a controller area network (CAN) protocol. 12 . The method according to claim 1 , wherein the plurality of network types includes (i) the drive network connected to an electronic controller related to a travel of the vehicle, the travel of the vehicle including an engine, fuel and a transmission, (ii) a body network connected to an electronic controller related to a control of one of equipment of the vehicle, the equipment including a door lock, an air conditioner, a light and a winker, and (iii) a safety network connected to an electronic controller related to safety, the safety including a brake and an air bag. 13 . A fraud detecting electronic controller connected to one or more networks used for communication by a plurality of electronic controllers, comprising: a processor: a communicator: and a memory having a computer program stored thereon, the computer program causing the processor to execute operations, including determining whether or not the communicator receives an inquiry for a vehicle status indicating whether or not a vehicle in which the fraud detecting electronic controller is installed is running from an external device and transmits the vehicle status to the external device, storing fraud detection rules: determining whether or not a message transmitted on a network connected to the fraud detecting electronic controller conforms to the rules based on the fraud detection rules, receiving the delivery data including updated fraud detection rules and network type information indicating one of a plurality of network types to which the updated fraud detection rules are to be applied: determining whether or not the vehicle is running, the on-board network system including the plurality of controllers: when the vehicle is determined to be running, additionally determining whether or not the network type information indicates a drive network that is connected to an electronic controller related to a travel of the vehicle, (i) when the network type informatio