Intrusion detection apparatus, system and methods

Jenkins, Chris; Roesler, Alexander

Title: Intrusion detection apparatus, system and methods

Abstract

Described herein are various technologies for detection and mitigation of rogue terminal attacks on multiplex data buses. An intrusion detection device is incorporated between a bus controller and a bus of a multiplex data bus. The intrusion detection device receives message that are communicated among the bus controller and a plurality of remote terminals (by way of the bus). The intrusion detection device determines whether messages are unauthorized based upon origins of the messages and predefined rules. When a message is determined to be unauthorized, the intrusion detection device outputs a notification that the unauthorized message has been detected and can block the unauthorized message.

Inventors:: Jenkins, Chris; Roesler, Alexander

Issue Date:: 2019-09-10

Research Org.:: Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

Sponsoring Org.:: USDOE

OSTI Identifier:: 1576345

Patent Number(s):: 10410002

Application Number:: 15/341,279

Assignee:: National Technology & Engineering Solutions of Sandia, LLC (Albuquerque, NM)

Patent Classifications (CPCs):: G - PHYSICS G06 - COMPUTING G06F - ELECTRIC DIGITAL DATA PROCESSING

H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION

Show more

G - PHYSICS G06 - COMPUTING G06F - ELECTRIC DIGITAL DATA PROCESSING
G06F13/4282 - {on a serial bus, e.g. I2C bus, SPI bus

H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
H04L63/126 - {the source of the received data}
H04L63/0227 - {Filtering policies

G - PHYSICS G06 - COMPUTING G06F - ELECTRIC DIGITAL DATA PROCESSING
G06F21/60 - Protecting data
G06F21/554 - {involving event detection and direct action}

H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
H04L63/1416 - {Event detection, e.g. attack signature detection}
H04L63/123 - {received data contents, e.g. message integrity}
H04L63/1466 - {Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks}

G - PHYSICS G06 - COMPUTING G06F - ELECTRIC DIGITAL DATA PROCESSING
G06F21/606 - {by securing the transmission between two devices or processes}
G06F21/85 - interconnection devices, e.g. bus-connected or in-line devices

Show less

DOE Contract Number:: AC04-94AL85000

Resource Type:: Patent

Resource Relation:: Patent File Date: 2016 Nov 02

Country of Publication:: United States

Language:: English

Subject:: 97 MATHEMATICS AND COMPUTING

Citation Formats


                    Jenkins, Chris, and Roesler, Alexander. Intrusion detection apparatus, system and methods.  United States: N. p., 2019. 
        Web.

Copy to clipboard


                    Jenkins, Chris, & Roesler, Alexander. Intrusion detection apparatus, system and methods.  United States.

Copy to clipboard


                    Jenkins, Chris, and Roesler, Alexander. Tue .  
        "Intrusion detection apparatus, system and methods".  United States.  https://www.osti.gov/servlets/purl/1576345.

Copy to clipboard


                    
@article{osti_1576345,

  title        = {Intrusion detection apparatus, system and methods},

  author       = {Jenkins, Chris and Roesler, Alexander},

  abstractNote = {Described herein are various technologies for detection and mitigation of rogue terminal attacks on multiplex data buses. An intrusion detection device is incorporated between a bus controller and a bus of a multiplex data bus. The intrusion detection device receives message that are communicated among the bus controller and a plurality of remote terminals (by way of the bus). The intrusion detection device determines whether messages are unauthorized based upon origins of the messages and predefined rules. When a message is determined to be unauthorized, the intrusion detection device outputs a notification that the unauthorized message has been detected and can block the unauthorized message.},

  doi          = {},

  journal      = {},
number       = ,

  volume       = ,

  place        = {United States},

  year         = {2019},

  month        = {9}

}

Copy to clipboard

Patent:

View Patent

Save / Share:

Export Metadata

Save to My Library

Works referenced in this record:

Method for protecting vehicle data transmission system from intrusions
patent, February 2015

Kalintsev, Nikolay; Mikhailov, Dmitry Nikolaevich; Khabibullin, Timur
US Patent Document 8,955,130
URL: http://patft.uspto.gov/netacgi/nph-Parser?patentnumber=8955130

Intrusion detection systems employing active detectors
patent, March 2000

Pinhas, Yizhaq; Okun, Efim
US Patent Document 6,037,902
URL: http://patft.uspto.gov/netacgi/nph-Parser?patentnumber=6037902

Data Filter
patent-application, September 2013

Robillard, David C.; Wagovich, Joseph D.
US Patent Application 13/426702; 20130254442
URL: http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220130254442%22.PGNR.&OS=DN/20130254442&RS=DN/20130254442

Embedded guard-sanitizer
patent, September 2017

Collins, James G.
US Patent Document 9,773,130
URL: http://patft.uspto.gov/netacgi/nph-Parser?patentnumber=9773130

Process control methods and apparatus for intrusion detection, protection and network hardening
patent, July 2010

Khuti, Bharat A.; Coleman, Clayton P.; Rath, David J.
US Patent Document 7,761,923
URL: http://patft.uspto.gov/netacgi/nph-Parser?patentnumber=7761923

Information processing device, information processing method, and non-transitory computer readable medium
patent, July 2016

Yoda, Yoshiyuki
US Patent Document 9,389,812
URL: http://patft.uspto.gov/netacgi/nph-Parser?patentnumber=9389812

Temporal anomaly detection on automotive networks
patent, September 2018

Sonalker, Anuja; Sherman, David M.
US Patent Document 10,083,071
URL: http://patft.uspto.gov/netacgi/nph-Parser?patentnumber=10083071

System and method for monitoring high speed data bus
patent, February 2001

Green, Samuel I.
US Patent Document 6,195,768
URL: http://patft.uspto.gov/netacgi/nph-Parser?patentnumber=6195768

Multiple Security Level Monitor for Monitoring a Plurality of MIL-STD-1553 Buses with Multiple Independent Levels of Security
patent-application, October 2018

Eckhardt, Josh D.; Donofrio, Thomas E.; Serag, Khaled
US Patent Application 15/492426; 20180307845
URL: http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220180307845%22.PGNR.&OS=DN/20180307845&RS=DN/20180307845

MIL-STD-1553 interface device having concurrent remote terminal and monitor terminal operation
patent, June 1994

Jordan, Anthony F.; Ziegler, Jeff P.; Pressprich, John W.
US Patent Document 5,325,359
URL: http://patft.uspto.gov/netacgi/nph-Parser?patentnumber=5325359

MIL-STD-1553 buffer/driver
patent, April 2001

Cammarota, Joseph P.; McGlynn, Edwin F.
US Patent Document 6,212,224
URL: http://patft.uspto.gov/netacgi/nph-Parser?patentnumber=6212224

Similar Records in DOE Patents and OSTI.GOV collections:

Method and apparatus for distributed intrusion protection system for ultra high bandwidth networks

Patent Goranson, Craig A.; Burnette, John R.; Greitzer, Frank L.; ...

A method for providing security to a network having a data stream with a plurality of portions of data, each having differing levels of sensitivity. The data stream is interrogated to determine the presence of predetermined characteristics associated with at least one of the portions of data within the data stream. At least one of the portions of data is then characterized, based upon the portion of data exhibiting a predetermined combination of characteristics, wherein the predetermined combination of characteristics is related to the sensitivity of the portion of data. The portions of the data stream are then distributed intomore »« less
Full Text Available
Systems and methods for intrusion detection using GHz beams

Patent Russell, John L.; Prather, Dennis; Schuetz, Christopher

The present disclosure is directed to systems and methods that use 1 GHz to 1000 GHz sources and sensors to create an intrusion detection array that does not have the physical limitations of an Active IR sensor. The array is created by a plurality of wave sources and sensor pairs that form a plane of wave break beams. The plane detects an intruder as he/she passes through the beams.
Full Text Available
Method and apparatus for operating a powertrain system upon detecting a stuck-closed clutch

Patent Hansen, R. Anthony

A powertrain system includes a multi-mode transmission having a plurality of torque machines. A method for controlling the powertrain system includes identifying all presently applied clutches including commanded applied clutches and the stuck-closed clutch upon detecting one of the torque-transfer clutches is in a stuck-closed condition. A closed-loop control system is employed to control operation of the multi-mode transmission accounting for all the presently applied clutches.
Full Text Available
Method and apparatus for continuous fluid leak monitoring and detection in analytical instruments and instrument systems

Patent Weitz, Karl K [Pasco, WA]; Moore, Ronald J [West Richland, WA]

A method and device are disclosed that provide for detection of fluid leaks in analytical instruments and instrument systems. The leak detection device includes a collection tube, a fluid absorbing material, and a circuit that electrically couples to an indicator device. When assembled, the leak detection device detects and monitors for fluid leaks, providing a preselected response in conjunction with the indicator device when contacted by a fluid.
Full Text Available
Method, apparatus and system for low-energy beta particle detection

Patent Akers, Douglas W.; Drigert, Mark W.

An apparatus, method, and system relating to radiation detection of low-energy beta particles are disclosed. An embodiment includes a radiation detector with a first scintillator and a second scintillator operably coupled to each other. The first scintillator and the second scintillator are each structured to generate a light pulse responsive to interaction with beta particles. The first scintillator is structured to experience full energy deposition of low-energy beta particles, and permit a higher-energy beta particle to pass therethrough and interact with the second scintillator. The radiation detector further includes a light-to-electrical converter operably coupled to the second scintillator and configuredmore »« less
Full Text Available

Similar Records

Title: Intrusion detection apparatus, system and methods

Abstract

Citation Formats

Method for protecting vehicle data transmission system from intrusions patent, February 2015

Intrusion detection systems employing active detectors patent, March 2000

Data Filter patent-application, September 2013

Embedded guard-sanitizer patent, September 2017

Process control methods and apparatus for intrusion detection, protection and network hardening patent, July 2010

Information processing device, information processing method, and non-transitory computer readable medium patent, July 2016

Temporal anomaly detection on automotive networks patent, September 2018

System and method for monitoring high speed data bus patent, February 2001

Multiple Security Level Monitor for Monitoring a Plurality of MIL-STD-1553 Buses with Multiple Independent Levels of Security patent-application, October 2018

MIL-STD-1553 interface device having concurrent remote terminal and monitor terminal operation patent, June 1994

MIL-STD-1553 buffer/driver patent, April 2001

Method for protecting vehicle data transmission system from intrusions
patent, February 2015

Intrusion detection systems employing active detectors
patent, March 2000

Data Filter
patent-application, September 2013

Embedded guard-sanitizer
patent, September 2017

Process control methods and apparatus for intrusion detection, protection and network hardening
patent, July 2010

Information processing device, information processing method, and non-transitory computer readable medium
patent, July 2016

Temporal anomaly detection on automotive networks
patent, September 2018

System and method for monitoring high speed data bus
patent, February 2001

Multiple Security Level Monitor for Monitoring a Plurality of MIL-STD-1553 Buses with Multiple Independent Levels of Security
patent-application, October 2018

MIL-STD-1553 interface device having concurrent remote terminal and monitor terminal operation
patent, June 1994

MIL-STD-1553 buffer/driver
patent, April 2001