VEHICLE CORRELATION SYSTEM FOR CYBER ATTACKS DETECTION AND METHOD THEREOF
20170230385 · 2017-08-10
Inventors
- Guy RUVIO (ElAd, IL)
- Saar DICKMAN (Zur-Moshe, IL)
- Yuval Weisglass (Kfar-Saba, IL)
- Yoav ETGAR (ModiIn, IL)
CPC classification
- H04W4/44 (ELECTRICITY)
- H04L67/12 (ELECTRICITY)
- B60R25/30 (PERFORMING OPERATIONS; TRANSPORTING)
Abstract
A system and method for detection of at least one cyber-attack on one or more vehicles including steps of transmitting and/or receiving by a first on-board agent module installed within one or more vehicles and/or a second on-board agent module installed within road infrastructure and in a range of communication with said first on-board agent module metadata to and/or from an on-site and/or remote cloud-based detection server including a correlation engine; detecting cyberattacks based on correlation calculation between the metadata received from one or more first agent module installed within vehicles and/or from one or more second agent modules installed within road infrastructure; indicating a probability of a cyber-attack against one or more vehicle based on correlation calculation; initiating blocking of vehicle-to-vehicle communication to prevent and/or stop a spread of an identified threat.
Claims
1. A vehicle correlation system for detection of at least one cyber-attack on one or more vehicles comprising a plurality of on-board communication agent modules communicating with one another, said system comprising: a. first on-board agent modules installed within a plurality of vehicles; b. second on-board agent modules installed within road infrastructure and in a range of communication with at least one of said first on-board agent modules; c. an on-site and/or remote cloud-based detection server comprising a correlation engine; wherein said first agent modules and said at least one second agent module are operable to transmit and/or receive metadata to and/or from said correlation engine; and said correlation engine is configured to indicate a probability of a cyberattack against one or more vehicles based on correlation calculation between said metadata received from one or more first agent modules installed within vehicles and/or from one or more second agent modules installed within road infrastructure; further wherein said metadata comprises data parameters which correlate among one or more first agent modules installed within vehicles and/or from one or more second agent modules installed within road infrastructure are selected from a group consisting of: a suspect and/or an identified threat on one or more vehicles, spread of a suspect and/or an identified attack among multiple vehicles, location of the vehicles, geographic information, vehicle unique identification, event time, vehicle-to-vehicle communication parameters, vehicle-to-infrastructure communication parameters, vehicle-to-cloud communication parameters, software applications downloaded and/or used in the vehicle and/or any combinations thereof.
2. (canceled)
3. (canceled)
4. The system according to claim 1, wherein the identified cyber-attacks compromise and/or intend to compromise vehicle functioning, vehicle safety, integrity of data transmitted from and/or to the vehicles.
5. The system according to claim 1, wherein spread of a suspect or an identified attack among multiple agents is correlated over time and/or location of the vehicles.
6. The system according to claim 1, wherein said metadata associated with cyber threats aggregated in said on-site and/or remote cloud-based detection server is transmitted from at least one said first agent module and/or at least one said second agent module.
7. The system according to claim 1, wherein said metadata associated with cyber threats aggregated in said on-site and/or remote cloud-based detection server is transmitted to at least one said first agent module and/or at least one said second agent module.
8. The system according to claim 1, wherein said correlation engine is configured to identify infection and spread of the identified cyber-attack based on vehicle-to-vehicle communication.
9. The system according to claim 1, wherein said correlation engine is configured to identify the pattern of the attack spread.
10. The system according to claim 4 and 5, wherein said server is configured to initiate blocking of vehicle-to-vehicle communication to prevent and/or stop a spread of an identified threat.
11. The system according to claim 4 and 5, wherein one or more first agent module installed within vehicles are operable to notify each other based on vehicle-to-vehicle communication of a suspect and/or an identified threat.
12. The system according to claim 1, wherein the location used for correlation calculation is based on cellular data and metadata.
13. The system according to claim 1, wherein geographic information used for correlation calculation is based on a third party geographic information system (GIS).
14. The system according to claim 11, wherein said geographic information system (GIS) contains city data.
15. The system according to claim 1, wherein said metadata is originated from an infotainment system.
16. The system according to claim 1, wherein said metadata is originated from the vehicles' sensors.
17. The system according to claim 1, wherein said metadata is originated from the vehicles' telematics systems.
18. The system according to claim 1, wherein said vehicles travel over air, land or sea.
19. A method for detection of at least one cyber-attack, said method comprising steps of: a. transmitting and/or receiving by first on-board agent modules installed within vehicles and/or second on-board agent modules installed within road infrastructure and in a range of communication with at least one of said first on-board agent modules metadata to and/or from an on-site and/or remote cloud-based detection server comprising a correlation engine; b. indicating a probability of cyberattacks based on correlation calculation between said metadata received from one or more first agent module installed within vehicles and/or from one or more second agent modules installed within road infrastructure; further wherein said metadata comprises data parameters which correlate among one or more first agent modules installed within vehicles and/or from one or more second agent modules installed within road infrastructure are selected from a group consisting of: a suspect and/or an identified threat on one or more vehicles, spread of a suspect and/or an identified attack among multiple vehicles, location of the vehicles, geographic information, vehicle unique identification, event time, vehicle-to-vehicle communication parameters, vehicle-to-infrastructure communication parameters, vehicle-to-cloud communication parameters, software applications downloaded and/or used in the vehicle and/or any combinations thereof.
20. (canceled)
21. (canceled)
22. The method according to claim 17, wherein the identified cyber-attacks compromise and/or intend to compromise vehicle functioning, vehicle safety, integrity of data transmitted from and/or to the vehicles.
23. The method according to claim 17, wherein spread of a suspect or an identified attack among multiple agents is correlated over time and/or location of the vehicles.
24. The method according to claim 17, wherein said metadata associated with cyber threats aggregated in said on-site and/or remote cloud-based detection server is transmitted from at least one said first agent module and/or at least one said second agent module.
25. The method according to claim 17, wherein said metadata associated with cyber threats aggregated in said on-site and/or remote cloud-based detection server is transmitted to at least one said first agent module and/or at least one said second agent module.
26. The method according to claim 17, wherein said method further comprises a step of identifying infection and spread of the identified cyber-attack based on vehicle-to-vehicle communication.
27. The method according to claim 17, wherein said method further comprises a step of identifying the pattern of the attack spread.
28. The method according to claim 22 and 23, wherein said method further comprises a step of initiating blocking of vehicle-to-vehicle communication to prevent and/or stop a spread of an identified threat.
29. The method according to claim 22 and 23, wherein said method further comprises a step of a one or more said first on-board agent modules installed within one or more vehicles notifying each other based on vehicle-to-vehicle communication of a suspect and/or an identified threat.
30. The method according to claim 17, wherein the location used for correlation calculation is based on cellular data and metadata.
31. The method according to claim 17, wherein geographic information used for correlation calculation is based on a third party geographic information system (GIS).
32. The method according to claim 27, wherein said geographic information system (GIS) contains city data.
33. The method according to claim 17, wherein said metadata is originated from an infotainment system.
34. The method according to claim 17, wherein said metadata is originated from the vehicles' sensors.
35. The method according to claim 17, wherein said metadata is originated from the vehicles' telematics systems.
36. The method according to claim 17, wherein said vehicles travel over air, land or sea.
Description
BRIEF DESCRIPTION OF THE FIGURES
[0017] In the following detailed description of the preferred embodiments, reference is made to the accompanying drawings that form a part thereof, and in which are shown by way of illustration specific embodiments in which the invention may be practiced. It is understood that other embodiments may be utilized and structural changes may be made without departing from the scope of the present invention. The present invention may be practiced according to the claims without some or all of these specific details. For the purpose of clarity, technical material that is known in the technical fields related to the invention has not been described in detail so that the present invention is not unnecessarily obscured.
[0018]
[0019]
DETAILED DESCRIPTION OF THE INVENTION
[0020] In the following detailed description of the preferred embodiments, reference is made to the accompanying drawings that form a part hereof, and in which are shown by way of illustration specific embodiments in which the invention may be practiced. It is understood that other embodiments may be utilized and structural changes may be made without departing from the scope of the present invention. The present invention may be practiced according to the claims without some or all of these specific details. For the purpose of clarity, technical material that is known in the technical fields related to the invention has not been described in detail so that the present invention is not unnecessarily obscured.
[0021] Reference throughout this specification to “one embodiment” or “an embodiment” means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment of the present invention. Thus, the appearances of the phrases “in one embodiment” or “in an embodiment” in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
[0022] While the technology will be described in conjunction with various embodiment(s), it will be understood that they are not intended to limit the present technology to these embodiments. On the contrary, the present technology is intended to cover alternatives, modifications and equivalents, which may be included within the spirit and scope of the various embodiments as defined by the appended claims.
[0023] Furthermore, in the following description of embodiments, numerous specific details are set forth in order to provide a thorough understanding of the present technology. However, the present technology may be practiced without these specific details. In other instances, well known methods, procedures, components, and circuits have not been described in detail so as not to unnecessarily obscure aspects of the present embodiments.
[0024] Unless specifically stated otherwise as apparent from the following discussions, it is appreciated that throughout the present description of embodiments, discussions utilizing terms such as “receiving”, “transmitting”, “detecting”, “configuring”, “correlating,” “identifying”, “classifying”, “configuring”, “interrogating” or the like, refer to the actions and processes of a computer system, or similar electronic computing device. The computer system or similar electronic computing device manipulates and transforms data represented as physical (electronic) quantities within the computer system's registers and memories into other data similarly represented as physical quantities within the computer system memories or registers or other such information storage, transmission, or display devices, including integrated circuits down to and including chip level firmware, assembler, and hardware based micro code.
[0025] The term “cloud” refers herein to a server located on the internet or hosted in a dedicated remote location, which provides communication and/or data services to the vehicles and the infrastructure.
[0026] The term “infrastructure” refers herein to electronic road infrastructure, including electronic road signs, traffic lights, stop lights, railroad crossings, hazards/construction on the roads, and highway interchanges. Also referred to as road infrastructure.
[0027] The term “geographical information” refers herein to various layers of geographic data, including topographic data and metadata and city information. Sometimes referred to in the literature as “geographic information system—GIS”.
[0028] The term “agent” refers herein to a particle of embedded software in charge of collecting, processing and sending data from the vehicles or the infrastructure to the cloud.
[0029] The term “metadata” refers herein to information which describes underlying data.
[0030] The term “infotainment system” refers herein to a media and entertainment system installed in the vehicle.
[0031] Reference is now made to
[0032] . A correlation engine [110] collects data from software agents [141-146] installed on vehicles [121-123] and infrastructure [131-133], and analyses the correlation between data parameters such as a suspect or an identified threat on one or more vehicles, spread of a suspect or an identified attack among multiple vehicles, location of the vehicles, geographic information, vehicle unique identification, event time, vehicle-to-vehicle communication characteristics, vehicle-to-infrastructure communication characteristics, vehicle-to-cloud communication characteristics, road infrastructure data and software applications downloaded and/or used in the vehicle. Based upon this correlation, which is performed on the correlation engine, a probability of a cyber-attack is calculated. Upon a suspect cyber threat, alerts and/or attack prevention measures are sent from the correlation engine to the vehicles and/or the road infrastructure identified as targets for a cyber-attack.
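An added illustration, not part of the patent text, of the correlation step described in [0032]: agent reports carrying the same threat label are linked by event time, location and vehicle-to-vehicle contact, a probability is derived, and a V2V block list is produced. The record schema, time window, radius, scoring formula and blocking threshold are all assumptions, since the specification does not define them.

```python
from collections import defaultdict
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt

@dataclass(frozen=True)
class Report:                 # one agent metadata record (constructed schema)
    agent_id: str             # vehicle or roadside-unit unique identification
    t: float                  # event time, seconds
    lat: float
    lon: float
    threat: str               # suspect or identified threat label
    v2v_peers: tuple = ()     # agents this one exchanged V2V messages with

def km(a, b):
    """Great-circle (haversine) distance between two reports, in km."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def correlate(reports, window_s=600, radius_km=2.0, block_at=0.7):
    """Per threat label: corroborating agents, attack probability, V2V block list."""
    by_threat = defaultdict(list)
    for r in reports:
        by_threat[r.threat].append(r)
    out = {}
    for threat, rs in by_threat.items():
        rs = sorted(rs, key=lambda r: r.t)
        first, linked = rs[0], {rs[0].agent_id}
        for r in rs[1:]:
            near = r.t - first.t <= window_s and km(first, r) <= radius_km
            spread = any(p in linked for p in r.v2v_peers)  # contact with a linked peer
            if near or spread:
                linked.add(r.agent_id)
        # Assumed scoring: a lone report is weak evidence; each extra agent halves the doubt.
        p = round(1 - 0.8 * 0.5 ** (len(linked) - 1), 2)
        out[threat] = {"agents": sorted(linked), "probability": p,
                       "block_v2v": sorted(linked) if p >= block_at else []}
    return out

REPORTS = [  # constructed sample metadata, not real telemetry
    Report("V1", 0, 32.0800, 34.7800, "sig-A"),
    Report("V2", 120, 32.0830, 34.7820, "sig-A", ("V1",)),
    Report("V3", 3000, 32.8000, 35.0000, "sig-A", ("V2",)),   # far away, reached over V2V
    Report("V5", 5000, 31.2500, 34.7900, "sig-A"),            # unrelated in time, place, contact
    Report("V4", 50, 32.0810, 34.7810, "sig-B"),
]

if __name__ == "__main__":
    for threat, verdict in correlate(REPORTS).items():
        print(threat, verdict)
```

In this constructed data, V3 is linked to the cluster only through its V2V contact with V2, which is the spread-over-communication case the claims single out, while V5 shares the label but nothing else and is left out.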
[0033] Reference is now made to
[0034] While the foregoing written description of the invention enables one of ordinary skill to make and use what is considered presently to be the best mode thereof, those of ordinary skill will understand and appreciate the existence of variations, combinations, and equivalents of the specific embodiment, method, and examples herein. The invention should therefore not be limited by the above described embodiment, method, and examples, but by all embodiments and methods within the scope and spirit of the invention.