A message monitoring system includes a first electronic control unit and a second electronic control unit connected to the first electronic control unit via a communication network. In the first electronic control unit, a first message is generated; a first feature value representing a feature of the first message is calculated; a second message storing the first feature value is generated; and the first message is transmitted whereas the second message is transmitted periodically. In the second electronic control unit, the first message and the second message are received from the first electronic control unit; a second feature value representing a feature of the received first message is calculated; and a comparison is performed between (i) the first feature value stored in the received second message and (ii) the calculated second feature value; and whether the first message is normal is determined based on a result of the comparison.

A method for secure path discovery in a mesh network at a destination device is disclosed. The method includes receiving a path discovery request from an originator device and selecting a path selection in response to the path discovery request. The method also includes transmitting the path selection to the originator device and receiving a random seed from a provisioner device. The method also includes generating an authentication code based on the random seed, transmitting an authentication code message to an originator device and receiving communications from the originator device only if the originator device receives a verification response message from the provisioner device which confirms that the destination device has been verified.

A method for secure path discovery in a mesh network at a destination device is disclosed. The method includes receiving a path discovery request from an originator device and selecting a path selection in response to the path discovery request. The method also includes transmitting the path selection to the originator device and receiving a random seed from a provisioner device. The method also includes generating an authentication code based on the random seed, transmitting an authentication code message to an originator device and receiving communications from the originator device only if the originator device receives a verification response message from the provisioner device which confirms that the destination device has been verified.

A malicious anchor node detection and target node localization method based on recovery of sparse terms, includes: S1: establishing an unknown disturbance term by using ranging value attack terms from an attacker to nodes in a wireless sensor network, and introducing a to-be-estimated location of a target node to the unknown disturbance term, to obtain an unknown sparse vector; S2: converting a problem of malicious anchor node detection and target node localization into a problem of recovery of the unknown sparse vector; S3: determining a location of an initial node according to a recursive weighted linear least square method, and recovering and reconstructing the unknown sparse vector with sparsity; and S4: determining a malicious anchor node determination range by approximating a threshold using a recovered value of the unknown sparse vector, to implement malicious anchor node detection, and recovering and determining location information of the target node.

A malicious anchor node detection and target node localization method based on recovery of sparse terms, includes: S1: establishing an unknown disturbance term by using ranging value attack terms from an attacker to nodes in a wireless sensor network, and introducing a to-be-estimated location of a target node to the unknown disturbance term, to obtain an unknown sparse vector; S2: converting a problem of malicious anchor node detection and target node localization into a problem of recovery of the unknown sparse vector; S3: determining a location of an initial node according to a recursive weighted linear least square method, and recovering and reconstructing the unknown sparse vector with sparsity; and S4: determining a malicious anchor node determination range by approximating a threshold using a recovered value of the unknown sparse vector, to implement malicious anchor node detection, and recovering and determining location information of the target node.

Systems and methods can support identifying pairings and channel parameters in short-range wireless communications such as bluetooth low energy interfaces. Radio frequency sensors may be positioned within an electromagnetic environment where a master wireless device and a slave wireless device share short-range wireless communications. Signals transmitted between the master wireless device and the slave wireless device can be received by the radio frequency sensors. Inter-arrival times for packets within the received signals may be identified. Statistics of the inter-arrival times can be analyzed to identify connection intervals between the master wireless device and the slave wireless device as well as back-to-back interval exchanged within the connection intervals. Packet header contents may be used to reconcile the estimated timing parameters and time slots. Pairings between the master wireless device and the slave wireless device may be identified and tracked along with communication channel parameters.

Systems and methods can support identifying pairings and channel parameters in short-range wireless communications such as bluetooth low energy interfaces. Radio frequency sensors may be positioned within an electromagnetic environment where a master wireless device and a slave wireless device share short-range wireless communications. Signals transmitted between the master wireless device and the slave wireless device can be received by the radio frequency sensors. Inter-arrival times for packets within the received signals may be identified. Statistics of the inter-arrival times can be analyzed to identify connection intervals between the master wireless device and the slave wireless device as well as back-to-back interval exchanged within the connection intervals. Packet header contents may be used to reconcile the estimated timing parameters and time slots. Pairings between the master wireless device and the slave wireless device may be identified and tracked along with communication channel parameters.

Specific connection request is refused responsive to a match on the MAC ban list. If not on the MAC ban list, and a station has MAC randomization enabled, the specific connection requests is also checked against the hostname ban list, wherein the specific connection request is refused responsive to a match on the hostname ban list. The specific new connection request is allowed to proceed responsive to not matching the MAC ban list and not matching the hostname ban list.

An attack analyzer includes: a security log acquisition unit acquiring a security log including an abnormality detection signal generated by a security sensor mounted on an electronic control device constituting part of an electronic control system and indicating that the security sensor has detected an abnormality; an alive signal acquisition unit acquiring an alive signal; a prediction table storage unit storing a prediction table showing a correspondence relationship between a predicted attack route in the electronic control system and a predicted abnormality detection signal predicted to be generated by the security sensor; an attack route estimation unit estimating, using the prediction table, the attack route of an attack received by the electronic control system from the abnormality detection signal and the alive signal included in the security log; and an attack information output unit outputting attack information indicating the attack route.

Various aspects of the present disclosure generally relate to wireless communication. In some aspects, a user equipment (UE) may monitor a reception occasion for a short message that includes a system information change notification or a public warning system notification. The UE may initiate a mitigation action related to a radio link with a network based at least in part on non-reception by the UE of the short message in the reception occasion, failure of the short message to pass an integrity check, and/or the like. Numerous other aspects are provided.