This application disclose a processing method of an abnormally behaving unmanned aerial vehicle, a network element, a system, and a storage medium, to detect a data packet for transmitting non-C2 data. The method includes: An SMF network element provides a first rule for a UPF network element, where the first rule indicates the UPF network element to detect, from a target transmission data packet, the data packet for transmitting the non-command and control C2 data, and the target transmission data packet is a data packet between the UAV and the UAVC; the SMF network element receives a first session report sent by the UPF network element; and the SMF network element sends an abnormal traffic report to the first network element based on the first session report.

This application disclose a processing method of an abnormally behaving unmanned aerial vehicle, a network element, a system, and a storage medium, to detect a data packet for transmitting non-C2 data. The method includes: An SMF network element provides a first rule for a UPF network element, where the first rule indicates the UPF network element to detect, from a target transmission data packet, the data packet for transmitting the non-command and control C2 data, and the target transmission data packet is a data packet between the UAV and the UAVC; the SMF network element receives a first session report sent by the UPF network element; and the SMF network element sends an abnormal traffic report to the first network element based on the first session report.

Disclosed herein is a method for detecting a covert channel in wireless communication. The method includes setting a wireless communication specification, detecting a covert timing channel, and detecting a covert storage channel.

Disclosed herein is a method for detecting a covert channel in wireless communication. The method includes setting a wireless communication specification, detecting a covert timing channel, and detecting a covert storage channel.

A method for monitoring and identifying changes in one or more parameters of an OS is disclosed. The method includes performing a measurement by a measurement application of a first computer system of the one or more parameters of a first OS executing on the first computer system, receiving the measurement of the one or more parameters of the first OS by an appraisal application, and storing the measurement of the one or more parameters of the first OS in a data store. The method also includes comparing the measurement with one or more first OS parameter norms associated with the first network slice, and identifying a change in the one or more parameters of the first OS by the appraisal application in response to comparing the measurement of the one or more parameters of the first OS with the one or more first OS parameter norms.

A method for monitoring and identifying changes in one or more parameters of an OS is disclosed. The method includes performing a measurement by a measurement application of a first computer system of the one or more parameters of a first OS executing on the first computer system, receiving the measurement of the one or more parameters of the first OS by an appraisal application, and storing the measurement of the one or more parameters of the first OS in a data store. The method also includes comparing the measurement with one or more first OS parameter norms associated with the first network slice, and identifying a change in the one or more parameters of the first OS by the appraisal application in response to comparing the measurement of the one or more parameters of the first OS with the one or more first OS parameter norms.

A method performed by a UE (10) for evaluating validity of a radio link, wherein the UE (10) is operating in a wireless communication network, and wherein the UE (10) receives a signal on the radio link. The UE (10) determines (401) that the received signal comprises a time synchronization message and a security extension associated with the time synchronization message. The UE (10) further determines (402) that the radio link is valid if a security mechanism related to the security extension indicates that the time synchronization message is valid. The UE (10) further determines (403) that the radio link is non-valid if the security mechanism related to the security extension indicates that the time synchronization message is non-valid.

A vehicle network security arrangement for a vehicle, having a network vulnerable to attacks from at least one threat. One or more external devices, being a source of at least one threat, are connectable and communicate with a vehicle network. A cyber security device is connected to the network and receives data being sent to and data transmitted from the network. The cyber security device includes a memory and an anomaly detection system (ADS) that detects the at least one threat in the data being begin sent to the network and the data being sent from the network. A memory of the cyber security device keeps a data log that contains information concerning the at least one threat, which is accessible by a user accessing the memory of the cyber security device.

A computer-implemented method for recognizing and/or preventing an intrusion into a service-oriented communication system of a vehicle, including registering a process originating from an instance in the service-oriented communication system, and checking, at least based on a predetermined negative list, whether the process in the service-oriented communication system is impermissible. A service-oriented communication system in a vehicle, which is designed to apply the method for recognizing and/or preventing an intrusion into the service-oriented communication system, optionally the communication system being safeguarded via the method for recognizing and/or preventing an intrusion into the service-oriented communication system.

In one embodiment, a service receives administration traffic data in a network associated with a remote administration session in which a control device remotely administers a client device. The service analyzes the administration traffic data to determine whether any portion of the administration traffic data is resulting from an administration session involving a trusted administrator. The service flags a first portion of the administration traffic data as authorized when the first portion of the administration traffic data is determined to result from an administration session involving a trusted administrator, and a second portion of the administration traffic data is non-flagged. The service assesses the second portion of the administration traffic data using a machine learning-based traffic classifier to determine whether the second portion of the administration traffic data is malicious.