In an electronic control unit, it is determine whether a data frame received from a different electronic control unit via a communication network is abnormal. A prediction data, which is predicted to be a normal data supposed to be included in the data frame determined to be abnormal, is generated by using a past data that is a data included in stored data frames, based on a stored prediction generation method. A prediction data frame including the prediction data is transmitted via the communication network.

There is provided a message chain-based CAN security system with a hash function, including: a hash value generating unit generating a hash value H.sub.(r,ID,i)/H′.sub.(r,ID,i) using a received Hash Reset Key HRK.sub.r and ID to be transmitted or received by the system when an arbitrary node transmits the HRK.sub.r; a CAN message transmitting unit transmitting a CAN message including the hash value H.sub.(r,ID,i)/H′.sub.(r,ID,i); a validity determining unit determining whether H.sub.(r,ID,i) of a CAN message received by a node which has received the CAN message matches a value held by the system; a message receiving and executing unit allowing message reception and executing a command when the validity determining unit determines that the CAN message is valid; and a warning transmitting unit transmitting an intruder detection warning.

A CAN module that can be integrated between a CAN controller and a CAN transceiver includes a receive data (RXD), input interface for receiving a first bit sequence through a RXD stream and a RXD output interface for sending a manipulated receive data (MRXD), stream including a second bit sequence. A processing logic of the CAN module is configured to manipulate the first bit sequence to generate a second bit sequence comprising a second stuff bit at a second position in the second bit sequence corresponding to a first position of a first stuff bit in the first bit sequence such that the second stuff bit is complementary to a preceding bit of the second stuff bit in the second bit sequence. The present disclosure also relates to a method for the CAN module.

A detection device to be used in an in-vehicle network including a CAN (Controller Area Network) bus and a plurality of function units connected to the CAN bus includes: a measurement unit configured to measure a signal waveform of a frame transmitted in the CAN bus; a calculation unit configured to calculate a plurality of kinds of feature amounts of the signal waveform measured by the measurement unit; and a detection unit configured to detect an abnormality regarding the CAN bus, based on each of the feature amounts calculated by the calculation unit.

A Controller Area Network (CAN) system, method, and circuit are provided with a dual mode bus line termination circuit connected between signal lines of a serial bus and optimized for both differential and single-ended communication modes over the serial bus, where the dual mode bus line termination circuit includes first and second resistance termination paths connected in parallel between first and second bus wires of the serial bus to provide an odd mode termination impedance (R.sub.ODD) that matches an impedance of the serial bus when operating in the differential communication mode, and to also provide an even mode termination impedance (R.sub.EVEN) that matches an impedance of the serial bus when operating in the single-ended communication mode.

A communication device that can prevent the transmission of a message from being continuously hindered over a long period of time, a communication system and a message arbitration method are provided. The communication device transmits and receives a message to and from another device connected to a common communication line which comprises a calculation unit that calculates as to a message to be transmitted a margin time before a time when a transmission of the message is completed; a transmission unit that transmits the message to which information related to the margin time calculated by the calculation unit is attached; and an arbitration unit that performs arbitration based on the information attached to the message when simultaneous message transmissions to the communication line occur, and as to multiple of messages simultaneously transmitted to the communication line, the arbitration unit performs arbitration in such a manner as to prioritize a message with a shorter margin time.

A transmitting/receiving device for a bus system and a method for reducing an oscillation tendency in the case of coupled-in interferences, in particular, in the transition between different bus states. The transmitting/receiving device has a transmitting stage for transmitting a transmit signal to a first bus wire of a bus of the bus system, and for transmitting the transmit signal to a second bus wire of the bus, and an oscillation reduction module for damping an oscillation of a bus signal arising at terminals for the bus wires when the transmitting/receiving device acts as the transmitter of the transmit signal. The oscillation reduction module includes a first resistor, which is switchable between the first bus wire and a terminal for ground, and the oscillation reduction module including a second resistor, which is switchable between the second bus wire and a terminal for a voltage supply of the bus system.

An abnormality detection apparatus for a mobility entity and for detecting an abnormality in a network system is provided. The network system includes a first network and a second network that use different communication protocols. A first communication circuit receives state information indicating a state of the mobility entity. The state information is acquired from the second network. A second communication circuit transmits and receives a first frame according to a communication protocol used in the first network. A memory stores an abnormality detection rule. A processor detects, based on the state information and the abnormality detection rule, whether a control command included in the first frame received by the second communication circuit is abnormal. In a case where the control command is abnormal, the processor prohibits the control command from being transmitted.

A transceiver for sending and receiving data from a controller area network (CAN) bus is disclosed. The transceiver includes a microcontroller port, a transmitter and a receiver. The transceiver is configured to receive a data frame from a microcontroller via the microcontroller port and to determine if the microcontroller is authorized to send the data frame or part of it based on a message identifier in the data frame and the outcome of the arbitration process. If the microcontroller is unauthorized to send the data, the transceiver is configured to invalidate the data frame and disconnect the microcontroller from the CAN bus for a predetermined period.

A system and method for intrusion detection on automotive controller area networks. The system and method can detect various CAN attacks, such as attacks that cause unintended acceleration, deactivation of vehicle's brakes, or steering the vehicle. The system and method detects changes in nuanced correlations of CAN timeseries signals and how they cluster together. The system reverse engineers CAN signals and detect masquerade attacks by analyzing timeseries extracted from raw CAN frames. Specifically, anomalies in the CAN data can be detected by computing timeseries clustering similarity using hierarchical clustering on the vehicle's CAN signals and comparing the clustering similarity across CAN captures with and without attacks.