DESC:ON-VEHICLE SECURITY MEASURES SYSTEM
CROSS REFERENCE TO RELATED APPLICATIONS
The present application claims priority from Indian Provisional Patent Application No. 202421034485 filed on 01/05/2024, the entirety of which is incorporated herein by a reference.
TECHNICAL FIELD
Generally, the present disclosure relates to relates to network security systems. Particularly, the present disclosure relates to a system and method for detecting and mitigating communication anomalies in network terminals.
BACKGROUND
With the increasing interconnectivity of devices and systems through networked communication, especially in industrial, vehicular, and enterprise domains, ensuring the security and reliability of communication paths has become critical. In such environments, multiple source network terminals exchange data with centralized systems or cloud-based services through a gateway, which serves as the central communication hub. However, the gateways often face significant challenges in maintaining the integrity, performance, and security of data transmission, particularly when delays or anomalies occur in communication patterns.
Conventionally, the approaches to network security typically rely on encryption protocols, such as but not limited to TLS (Transport Layer Security) or IPsec, and firewall configurations to protect data in transit between devices and networks. The encryption protocols run by encoding the data using cryptographic algorithms, which are only be decrypted by authorized recipients possessing the correct decryption keys, thereby ensuring confidentiality and integrity. The TLS is commonly used in application-layer communications, while IPsec operates at the network layer to secure IP packets. The firewalls serve as a barrier between trusted and untrusted networks, filtering incoming and outgoing traffic based on predetermined security rules such as IP address, port number, and protocol type. Further, together the above-mentioned approaches create a multi-layered security posture that helps prevent unauthorized access, data tampering, and eavesdropping.
However, there are certain problems associated with the existing or above-mentioned mechanism of network security. For instance, the existing approaches largely focus on securing the content of the communication rather than emphasizing the behavior or performance of the network participants. As a result, the conventional approaches ignore the issues arising from internal anomalies, compromised subsystems, or timing-based disruptions, particularly in complex, distributed environments such as electric vehicle ecosystems with multiple electronic control units and third-party modules that communicate over shared networks. The above-mentioned limitation underscores the need for behavior-based security mechanisms that monitor, analyze, and respond to real-time operational patterns such as delays in communication logs to provide an additional layer of protection against system faults and emerging cyber threats.
Therefore, there exists a need for a mechanism for network security that is efficient, accurate, and overcomes one or more problems as mentioned above.
SUMMARY
An object of the present disclosure is to provide a system for securing a connected network that enhances the security of connected networks by detecting communication anomalies based on log delays.
Another object of the present disclosure is to provide a method for securing a connected network that enhances the security of connected networks by detecting communication anomalies based on log delays.
In accordance with an aspect of the present disclosure, there is provided a system for securing a connected network, the system comprises:
- at least one source network terminal;
- a gateway controller communicably coupled with the at least one source network terminal, wherein the gateway controller comprises:
- a communication log unit
- a log analysis unit
- an error detection unit; and
- a path control unit
- a base network terminal communicably connected to the gateway controller,
wherein the gateway controller is configured to control the operation of at least one source network terminal based on a delay associated with at least one communication log.
The system for securing a connected network, as described in the present disclosure, is advantageous in terms of enhancing the cybersecurity and operational reliability of connected networks. Specifically, by incorporating a gateway controller that monitors communication log delays, the system detects timing-based anomalies in the connected network communication. Further, the modular structure ensures efficient isolation and mitigation of threats without disrupting normal network functionality. The above-mentioned targeted filtering reduces the chance of false positives and minimizes downtime of essential network functions. Furthermore, by leveraging frequency-based error detection and instruction-driven control, the system provides a dynamic response mechanism that evolves with real-time network behavior, offering long-term resilience against evolving cybersecurity threats.
In accordance with another aspect of the present disclosure, there is provided a method for securing a connected network, the method comprises:
- fetching at least one communication log between the at least one source network terminal and the base network terminal, via a communication log unit;
- assigning identified communication log with at least one error code, via a log analysis unit;
- detecting a frequency of the at least one assigned error code in a predefined time-interval, via an error detection unit;
- comparing the frequency of the at least one assigned error code with a threshold frequency value, via the error detection unit; and
- filtering the at least one communication log based on a generated instruction signal, via a path control unit.
Additional aspects, advantages, features, and objects of the present disclosure would be made apparent from the drawings and the detailed description of the illustrative embodiments constructed in conjunction with the appended claims that follow.
It will be appreciated that features of the present disclosure are susceptible to being combined in various combinations without departing from the scope of the present disclosure as defined by the appended claims.
BRIEF DESCRIPTION OF DRAWINGS
The summary above, as well as the following detailed description of illustrative embodiments, is better understood when read in conjunction with the appended drawings. For the purpose of illustrating the present disclosure, exemplary constructions of the disclosure are shown in the drawings. However, the present disclosure is not limited to specific methods and instrumentalities disclosed herein. Moreover, those in the art will understand that the drawings are not to scale. Wherever possible, like elements have been indicated by identical numbers.
Embodiments of the present disclosure will now be described, by way of example only, with reference to the following diagrams wherein:
Figures 1 and 2 illustrate a block diagram of a system for securing a connected network, in accordance with an embodiment of the present disclosure.
Figure 3 illustrates a flow chart for securing a connected network, in accordance with another embodiment of the present disclosure.
In the accompanying drawings, an underlined number is employed to represent an item over which the underlined number is positioned or an item to which the underlined number is adjacent. A non-underlined number relates to an item identified by a line linking the non-underlined number to the item. When a number is non-underlined and accompanied by an associated arrow, the non-underlined number is used to identify a general item at which the arrow is pointing.
DETAILED DESCRIPTION
The following detailed description illustrates embodiments of the present disclosure and ways in which they can be implemented. Although some modes of carrying out the present disclosure have been disclosed, those skilled in the art would recognize that other embodiments for carrying out or practicing the present disclosure are also possible.
As used herein, the terms “source network terminal”,
“source network”, and “source terminal” are used interchangeably and refer to any originating node or device within a connected network that initiates data communication. The source terminals transmit control messages, status updates, or diagnostic data to other nodes on cloud-connected networks. The source terminal also sometimes serves as an entry point for malicious commands or abnormal traffic patterns. Specifically, to ensure network security, source terminals are monitored for parameters such as transmission frequency, message ID conformity, data payload integrity, and communication timing (e.g., delays or jitter). The detection of anomalies in the characteristics mentioned above allows for real-time threat mitigation. In Electric Vehicles (EVs), source network terminals expand to include certain sub-systems such as Battery Management Systems (BMS), inverter controllers, charging communication interfaces, and high-voltage domain ECUs. The sub-systems exchange critical, high-frequency data related to powertrain performance, energy consumption, and thermal management. The security measures for such EV-specific terminals involve tighter monitoring of voltage/current signals embedded in message payloads, enforcing real-time behavior baselines, and isolating components upon detection of anomalies. The methodologies for security measures include rule-based filtering, AI-driven behavioral modeling, and physical or software-based path blocking via a centralized gateway. The security measures ensure that any compromised or malfunctioning source terminal is swiftly detected and neutralized, maintaining the integrity of the core operational network.
As used herein, the terms “gateway controller”, “central gateway controller,” and “network interface controller” are used interchangeably and refer to a central communication management unit that facilitates, filters, and regulates data exchange between multiple sub-networks within a connected network. The gateway controller plays a vital role in cybersecurity by monitoring message flow, enforcing access policies, detecting anomalies, and initiating responses such as message filtering, node isolation, or traffic throttling. The types of gateway controllers include centralized gateways (handling all domain traffic), domain-specific gateways (managing traffic within a particular function), and zonal gateways (handling data within a specific physical region of the network). Each type of gateway controller is equipped with firewall logic, Intrusion Detection Systems (IDS), and encryption modules to protect against internal faults or external attacks. Further, in electric vehicles, the role of the gateway controller becomes more critical due to the presence of high-voltage domains and components such as battery management systems, inverters, and EV-specific telematics modules. The vehicles rely on high-speed protocols such as Automotive Ethernet, and the gateway securely manages both routine control data and high-frequency safety-critical communications. The security methods specific to EVs include monitoring for abnormal charging patterns, voltage/current anomalies in the BMS messages, or malicious commands targeting energy flow or regenerative braking systems. A secure gateway controller employs real-time traffic analysis, adaptive threshold-based error detection, and direct intervention mechanisms such as blocking compromised ECUs or re-routing network traffic to preserve functionality. As the central decision-making node, the gateway controller thus serves as both a communication hub and a frontline guard in ensuring secure, resilient network operation.
As used herein, the term “communication log unit” refers to a hardware or software module configured to capture and store network communication data exchanged between nodes in a connected system. In general networks, communication log unit records messages such as CAN frames, timestamps, message IDs, and node identifiers, enabling visibility into network operations and communication behaviors. The communication log unit forms the foundation for post-event analysis, real-time monitoring, or audit logging in case of faults or security breaches. The types of communication log units include, but not limited to embedded ECU loggers, telematics-based remote loggers, and gateway-integrated logging modules. The communication log also functions passively (mirroring traffic) or actively (tagging or flagging specific message types), depending on security constraints. In electric vehicles, the communication log unit captures domain-specific data from high-voltage systems such as the Battery Management System (BMS), inverter controllers, and charging interfaces. The procedure for securing communication networks (for EVs or general communication networks) using the communication log unit includes filtering logs by source domain, correlating log timing with network states, and tagging events such as voltage spikes or thermal anomalies in EV operation. The advanced communication log units use buffering, compression, and cloud offloading for efficient storage and rapid retrieval.
As used herein, the term “log analysis unit” refers to a hardware or software module configured for interpreting and analyzing the communication logs collected within the communication network to detect patterns, abnormalities, or potential security threats. In general, the log analysis unit applies logic-based rules, statistical models, or machine learning algorithms to identify deviations, unexpected behaviors, or protocol violations. The types of log analysis units include, but not limited to, rule-based systems (for fixed logic detection), anomaly-based engines (for statistical deviation detection), and AI-powered analysis modules (trained on normal vs. malicious patterns). In electric vehicles, the log analysis unit extends the scope to specialized electric drivetrain and battery-related communication. For instance, the log analysis unit detects a rapid drop in state-of-charge messages, timing mismatches in inverter control loops, or inconsistent charger operating signals. The mechanisms used for detection involve real-time processing with embedded AI, temporal correlation with domain events, and pattern matching using historical operational data. The log analysis unit plays a critical role in feeding identified anomalies to the error detection unit or triggering direct routine responses.
As used herein, the term “error detection unit” refers to a dedicated module designed to identify faults, anomalies, or cyberattacks based on deviation from expected communication behavior. The error detection unit analyses data traffic to determine any errors, such as a replayed message, an unauthorized ID usage, or a frequency spike. The types of error detection units include but not limited to, threshold-based detection (tracking error counts per interval), pattern-based detection (monitoring for specific known fault signatures), and adaptive or learning-based detection (self-tunes based on evolving behaviors). For electric vehicles, the error detection unit detects BMS failures, inverter malfunctions, or false charge control commands. The error detection unit in EVs' communication network assesses the frequency of charging errors, current fluctuations beyond defined margins, or high-voltage isolation faults based on communication anomalies. The mechanisms for detecting the error include maintaining dynamic error profiles per ECU, correlating electrical measurements with communication logs, and escalating responses based on error severity.
As used herein, the term “path control unit” refers to a module that manages the routing and accessibility of communication channels within an internal or external network. In general, the path control unit ensures that data flows only along authorized paths and intervenes to isolate or block malicious nodes or suspicious traffic. The types of path control units include but not limited to, static route controllers (pre-defined routing paths), dynamic routers (real-time reconfiguration based on events), and security gateways with path-filtering capabilities. In electric vehicles, the path control unit becomes vital in ensuring isolation between sensitive high-voltage domains and general-purpose networks. For instance, as a compromised infotainment unit attempts to access a powertrain ECU, the path control unit interrupts the connection through gateway filtering, ECU port disabling, or electrical isolation. The methods for interrupting the network communication include setting communication rules based on operational context, predefined message filters, and integrating with error detection feedback to implement automatic blocking or rerouting.
As used herein, the terms “base network terminal”, “base network”, “base node”, and “base terminal” are used interchangeably and refer to an endpoint for a communication channel and serve as an infrastructure critical node within a connected network. In general networks, the base network terminal includes central body controllers, telematics units, or diagnostic interfaces, which are essential for normal operation and security supervision. The types of base network terminals include, but not limited to, central gateways, zonal controllers, and cloud uplink modules. The base network terminals are pre-authenticated, have elevated privileges, and are prime targets for both monitoring and hardening. In electric vehicles, the base network terminals include the sub-systems such as Vehicle Control Unit (VCU), Battery Management System (BMS), and Charging Communication Interface, which initiate or regulate vital operations. Further, securing the above-mentioned sub-systems involves strict message authentication, watchdog mechanisms to detect inactivity or irregularity, and firmware integrity checks. Furthermore, mechanisms for securing include strengthening the base terminal firmware, whitelisting allowed message types, monitoring command patterns, and using redundant fallback paths to ensure safe operation in the event of terminal compromise.
As used herein, the terms “memory unit”, “storage unit”, “storage module,” and “memory storage” are used interchangeably and refer to a hardware component or embedded storage area designed to store data, instructions, and information for quick access by the gateway controller. The information includes, but not limited to, system firmware, configuration files, communication logs, error records, and runtime variables. The memory unit plays a vital role as the memory unit contains sensitive information protected from unauthorized access, tampering, or loss. The types of memory units include, but not limited to, non-volatile memory (Flash, Electrically Erasable Programmable Read-Only Memory (EEPROM)), volatile memory (Random Access Memory (RAM) for temporary storage), and hybrid secure memory modules that support cryptographic protection or write-once procedures. In electric vehicles, the memory units store high-priority data such as battery health logs, charging session history, inverter performance metrics, and safety-critical event traces. The methods for securing memory units in both conventional and EV platforms include encryption of stored data, secure boot validation of firmware images, memory partitioning (to isolate different functional domains), and logging memory access with source attribution. By securing the memory unit, the vehicle maintains reliable diagnostics, prevents malicious firmware injection, and enables forensic capabilities in the event of network failure or intrusion.
As used herein, the terms “swappable battery”, “removable battery,” and “detachable battery” are used interchangeably and refer to a modular energy storage unit designed for quick removal and replacement within electric vehicles or network-connected machinery, enabling rapid energy replenishment without prolonged charging downtime. Within a connected network, especially in vehicle fleets or smart infrastructure, the swappable batteries are equipped with embedded communication modules that exchange status, authentication, and operational data with centralized systems. The batteries are uniquely identifiable and operate under strict power and data integrity protocols to prevent unauthorized access, spoofing, or physical tampering. In an intrusion detection system (IDS), the swappable battery becomes both a node and a vector, and the behavior and connection patterns are continuously monitored for anomalies. The swappable batteries are classified into standardized and proprietary types. The standardized batteries are designed for interoperability across multiple platforms and vendors, and proprietary batteries are tailored to specific manufacturers or ecosystems. The IDS employs a combination of signature-based detection (matching known malicious patterns) and anomaly-based detection (flagging deviations in energy usage, swap frequency, location data, or digital signature mismatches). The technique includes real-time monitoring of communication logs from the battery unit, correlation with expected usage profiles, and authentication handshakes during swap events.
As used herein, the term “inverter controller” refers to a component in electric vehicles and energy management systems that governs the conversion of DC (direct current) from batteries to AC (alternating current) used by electric motors or external loads. In a connected network, the inverter controller functions as a power control unit and also as a networked device that communicates operational data, control signals, and status reports to centralized monitoring systems. Due to the central role in energy flow and motor control, the inverter controller becomes a potential attack surface for cyber-physical threats. Within an intrusion detection system (IDS), the inverter controller is continuously monitored for unauthorized command injections, abnormal voltage or frequency variations, and unusual communication patterns that could indicate malicious activity. The inverter controllers are generally categorized into centralized and distributed types. The centralized controllers manage the entire energy conversion process from a single control unit, and distributed systems assign control across multiple modules for more granular or redundant control. The IDS leverages both behavioral modeling and protocol analysis methods to safeguard these controllers. Behavioral modeling involves learning the normal operation patterns (e.g., torque requests, voltage response curves, and timing intervals), and protocol analysis ensures that messages follow expected formats and timing. The system flags anomalies such as inconsistent power output relative to input, out-of-band command signals, or unauthorized firmware updates. Upon detection, the IDS logs the anomaly, alerts the system administrator, or initiates protective countermeasures such as isolating the controller from the network or reverting it to a safe operational state.
As used herein, the terms “instruction signal”, “control signal”, “command signal,” and “operation signal” are used interchangeably and refer to a command or sequence of electronic signals transmitted between system components to initiate, modify, or terminate an operation. In a general communication network, the instruction signals are issued by processors, microcontrollers, or gateway controllers to control memory behavior. The signals are embedded within firmware routines or transmitted across communication buses such as Controller Area Network (CAN) and Serial Peripheral Interface (SPI). The types of instruction signals include read/write instructions, erase or flash commands, access control signals (e.g., lock/unlock), and secure update triggers. In electric vehicles, the instruction signals manage standard memory tasks and also high-priority operations such as logging battery faults, storing charging parameters, and updating powertrain firmware. The procedure to secure the instruction signals involves implementing authentication mechanisms (digital signatures, message authentication codes), bus-level encryption, access verification protocols, and signal timing analysis to detect anomalies. By ensuring that only authorized and properly formatted instruction signals reach the memory unit, the system prevents malicious memory manipulation and supports a robust, verifiable cybersecurity strength.
In accordance with an aspect of the present disclosure, there is provided a system for securing a connected network, the system comprises:
- at least one source network terminal;
- a gateway controller communicably coupled with the at least one source network terminal, wherein the gateway controller comprises:
- a communication log unit
- a log analysis unit
- an error detection unit; and
- a path control unit
- a base network terminal communicably connected to the gateway controller,
wherein the gateway controller is configured to control the operation of the at least one source network terminal based on a delay associated with at least one communication log.
Referring to figure 1, in accordance with an embodiment, there is described a system 100 for securing a connected network. The system 100 comprises at least one source network terminal 102 and a gateway controller 104 communicably coupled with the at least one source network terminal 102. The gateway controller 104 comprises a communication log unit 106, a log analysis unit 108, an error detection unit 110, and a path control unit 112. The system further comprises a base network terminal 114 communicably connected to the gateway controller 104. Furthermore, the gateway controller 104 is configured to control the operation of the at least one source network terminal 102 based on a delay associated with at least one communication log.
The system includes at least one source network terminal 102, which includes, but not limited to, any electronic control unit (ECU), sensor node, actuator, or subsystem within a connected or electric vehicle that generates or exchanges data over the internal network. The source terminals 102 are communicably connected to a gateway controller 104, which functions as the central coordination and monitoring unit. The gateway controller 104 comprises multiple functional modules: a communication log unit 106, a log analysis unit 108, an error detection unit 110, and a path control unit 112. The communication log unit 106 is responsible for fetching communication logs from interactions between source terminals and the base network terminal. The logs typically include message timestamps, IDs, sender/receiver addresses, and payload data. Further, the logs are processed by the log analysis unit 108, which evaluates the logs against predefined or learned benchmarks stored in memory to determine the behavior of the logs reflecting any deviations. Furthermore, a key aspect of the system’s 100 working is the monitoring of communication log delay, which refers to the latency or timing inconsistencies observed in message delivery between nodes. The log analysis unit 108 measures the delays and compares the delays to expected timing thresholds. Specifically, as the delays exceed the acceptable range, the system 100 flags the delays as potential indicators of congestion, cyber intrusion, or faulty node behavior. The anomalies are encoded and passed to the error detection unit 110, which tracks the frequency and recurrence of such delays over predefined time intervals. Furthermore, as the delay anomalies persist and exceed the threshold, an instruction signal is generated and forwarded to the path control unit. Based on the instruction, the path control unit 112 filters, isolates, or thwarts communication from the problematic source network terminal to prevent disruption or data compromise. The above-mentioned system architecture is a resilient and self-aware communication framework that enables real-time security enforcement in complex in-vehicle or industrial networks. Further, by continuously tracking timing-based anomalies, the system 100 detects sophisticated threats such as spoofing, jamming, or performance degradation caused by malfunctioning nodes. The advantages of the system 100 include precise fault localization and mitigation using delay-based metrics, minimized false positives due to context-aware and frequency-based error detection, enhanced reliability and safety particularly critical for electric vehicles, as network latency affect battery management, charging, and propulsion systems, and modular integration, allowing the gateway controller to adapt to different network topologies and ECU configurations.
Referring to figure 2, in accordance with an embodiment, there is described a system 100 for securing a connected network. The system 100 comprises at least one source network terminal 102 and a gateway controller 104 communicably coupled with the at least one source network terminal 102. The gateway controller 104 comprises a communication log unit 106, a log analysis unit 108, an error detection unit 110, and a path control unit 112. The system further comprises a base network terminal 114 communicably connected to the gateway controller 104. Furthermore, the gateway controller 104 is configured to control the operation of the at least one source network terminal 102 based on a delay associated with at least one communication log. Furthermore, the gateway controller 104 comprises a memory unit 116 communicably coupled with the communication log unit 106, the log analysis unit 108, the error detection unit 110, and the path control unit 112. The gateway controller 104 functions as the central processing and control entity in a connected network system, enabling real-time coordination between subsystems. The memory unit 116 plays a critical role in storing, caching, and retrieving data used across multiple security-related modules, namely, the communication log unit 106, log analysis unit 108, error detection unit 110, and path control unit 112. The memory unit 116 is configured to store raw communication data, processed analysis results, detected error patterns, and path control decisions or rules. The connected module writes to or reads from specific memory partitions For instance, the communication log unit 106 records packet-level data, and the log analysis unit 108 retrieves the data to identify anomalies using pattern recognition or AI-based methods. Similarly, the error detection unit 110 maintains dynamic counters, frequency logs, and error signatures, and the path control unit 112 stores blacklisted routes or isolated node identifiers for enforcement. The integrated memory approach allows low-latency data sharing, real-time feedback loops between detection and enforcement, and persistent storage for audit and diagnostic purposes. The mechanism for integrated memory includes, but not limited to, role-based memory partitioning, priority-based memory access control, timestamped data linking, and event-triggered memory snapshots. The advantages of the memory unit 116 include centralized and synchronized data processing across modules, eliminating redundancies, reduced system overhead by avoiding excessive inter-module communication over buses, improved resilience, as memory-logged evidence enables traceability and rollback during faults or intrusions, and the ability to scale the architecture to support both conventional and electric vehicles. The integrated memory unit 116 architecture effectively transforms the gateway into a dynamic, intelligent control node for end-to-end in-vehicle cybersecurity.
In an embodiment, the at least one source network terminal 102 comprises at least one sub-system of an electric vehicle ecosystem, wherein the at least one sub-system comprises a swappable battery, an inverter controller, at least one electronic control unit, and at least one charging interface module. Each sub-system functions as a node within the EV’s digital communication network and interacts with the gateway controller 104 through continuous data exchange. The swappable battery communicates critical data such as state of charge, cell temperatures, and swap events; the inverter controller transmits motor and power flow parameters; the ECUs govern various vehicle functions such as braking, thermal management, and battery safety protocols; and the charging interface module manages charging status, grid interaction, and authentication. Further, the sub-systems periodically transmit operational logs to the gateway controller, which are stored and analysed for delay patterns and anomalies that indicate faults, degraded performance, or potential cyber-attacks. The gateway controller 104, upon detecting irregular delays or suspicious behavior in the communication logs from any of the sub-systems, initiates specific control actions via the path control unit 112, such as throttling communication frequency, temporarily isolating the affected sub-system, or alerting the base network terminal 114 for manual intervention. The procedure allows real-time responsiveness to disruptions or threats, preventing cascade failures across the interconnected EV ecosystem. The above-mentioned configuration provides enhanced fault isolation, increased system robustness, and dynamic threat mitigation without disrupting the overall functionality of the EV. The advantages of the isolation of the source network terminal include improved safety, reduced downtime, seamless management of complex subsystems, and increased assurance in swappable battery infrastructures and third-party charging networks and thereby maintaining efficient vehicle operation.
In an embodiment, the communication log unit 106 is configured to fetch the at least one communication log between the at least one source network terminal 102 and the base network terminal 104. The communication log unit 106 operates as a critical data acquisition component within the network security architecture. The communication log unit 106 is configured to fetch and store communication logs that occur between the source network terminal 102, which is initiating the electronic control unit (ECU) or sensor node, and the base network terminal 104, representing the central or gateway interface. The communication log unit 106 passively monitors and intercepts network traffic flowing over internal communication buses such as Controller Area Network (CAN), Local Interconnect Network (LIN), FlexRay, or Automotive Ethernet. The communication log unit 106 records metadata including message identifiers, source and destination addresses, time intervals, payload sizes, and message contents. Further, fetching approaches include deep packet inspection, protocol-specific parsing, and real-time buffering, with mechanisms in place to capture both cyclical and event-driven communications. The logs are time-synchronized and indexed for fast access by downstream modules, such as the log analysis or anomaly detection systems. The above-mentioned configuration provides a granular, real-time view of all communication flows within the network, serving as the foundation for behavioral modeling, anomaly detection, and threat response. Further, by persistently logging communication patterns between source and base terminals, the system 100 gains situational awareness of both expected and abnormal interactions. Advantages of fetching the log data include improved threat traceability, as all events are backed by log evidence, enhanced system transparency, allowing engineers and automated systems to audit message flows, minimal disruption to live operations, since logs are fetched non-intrusively, and adaptability for static or moving source terminal. The communication log unit 106 thus acts as the primary sensor for in-vehicle cybersecurity intelligence, enabling proactive detection and timely isolation of network threats.
In an embodiment, the log analysis unit 108 is configured to receive the fetched communication log and compare the received communication log with a preset communication log stored in the memory unit 116. The log analysis unit 108 serves as the core intelligence module for detecting anomalies or deviations in vehicle communication behavior. Further, after receiving the fetched communication log from the communication log unit 106, the log analysis unit 108 processes the data and compares the data against a preset communication log stored in the memory unit 116. The preset log represents a known-safe communication pattern, such as timing intervals, node-to-node message structures, or expected payload values recorded during initial configuration, training phases, or from manufacturer-provided standards. The working process involves decoding real-time logs, aligning message sequences, validating signal properties, and flagging any discrepancies in order, frequency, or content. The log analysis unit 108 supports both rule-based methods (matching against white-listed message IDs and flow sequences) and adaptive methods (using machine learning or statistical profiling to model normal behavior and detect outliers). The log analysis unit 108 enables behavior-based threat detection, identifying known attacks (such as, but not limited to, spoofing or flooding) and unknown or evolving anomalies that deviate from historical norms. The approaches for detection include differential analysis, temporal pattern tracking, entropy-based content deviation detection, and signature matching against attack libraries. The above-mentioned approaches are supported by timestamp correlation, vehicle mode awareness (drive vs. park in EVs), and prioritization of high-risk logs (e.g., from powertrain ECUs or battery management systems in EVs). The advantages of the log analysis unit 108 include early detection of cyber intrusions failures, low false-positive rates due to comparison with verified presets, reduced processing load on other ECUs by centralizing analysis in one unit and specific relevance in electric vehicles, as continuous monitoring of charger-vehicle communication or thermal system control is vital for safety.
In an embodiment, the log analysis unit 108 is configured to identify at least one deviation of the communication log based on the comparison and assign the identified communication log with at least one error code. The log analysis unit 108 is designed to detect anomalies in communication behavior by identifying deviations in communication logs compared to a preset communication pattern stored in the memory unit 116. Further, after the initial comparison, the log analysis unit 108 uses pattern recognition techniques to identify at least one deviation, which includes message delays, unauthorized message IDs, unexpected payload structures, or altered communication frequency. Furthermore, as a deviation is identified, the system assigns an error code to the anomalous communication log entry. The error code is descriptive (namely, delay_violation, ID_mismatch, payload_corruption) and is used for downstream processing, such as error classification or initiating isolation responses. The methodologies used include deviation scoring, rule violation mapping, and machine-learning-driven scoring to correlate detected anomalies with predefined error types. The assigning of error codes enables structured, automated handling of abnormal communication behavior, forming the foundation for effective error detection, logging, and remediation. The structured labelling enhances system transparency, traceability, and decision-making in real-time. For instance, an error code related to repeated invalid sensor messages triggers filtering rules in the path control unit, as an error from a charging controller in an EV or a network prompts an immediate safety alert or session termination. The advantages of the identification of the deviation include standardized error classification, which simplifies forensic analysis and system debugging, real-time actionable insight for security modules, improved robustness, as even subtle anomalies are tagged and tracked and applicability to electric vehicles as error traceability is crucial for ensuring battery safety, charging protocol compliance, and thermal system integrity.
In an embodiment, the log analysis unit 108 is configured to transfer the at least one assigned error code to the error detection unit 110. The log analysis unit 108 is configured to transfer the error codes to the error detection unit 110 for evaluation. The transfer is executed via an internal data bus or shared memory interface, ensuring minimal latency and real-time interoperability between modules. The transfer of data includes metadata such as, but not limited to, the timestamp of the error, the originating node address, and the error classification. The procedures used in the transfer process include event-driven signalling, data queuing with prioritization, and context-linked transmission, ensuring that each error code carries sufficient diagnostic information for downstream processing. Further, the modular and decoupled approach allows the analysis unit 108 to focus on pattern recognition and classification, and the error detection unit handles error trend aggregation and decision-making based on frequency, severity, or recurrence. The transferring of the error codes to the error detection unit enables the creation of a scalable and layered security architecture, as analysis and judgment are functionally separated for efficiency and accuracy. The above-mentioned approach enables the system to aggregate and contextualize multiple error events, which is critical for identifying ongoing attacks or systemic malfunctions. The advantages of the error code transfer include optimized processing, as analysis and detection are distributed across specialized modules, enhanced responsiveness, as only relevant error data is escalated, improved clarity for system-wide diagnostics and post-event analysis and critical application in electric vehicles, where quick propagation of fault codes (related to battery miscommunication or charger handshake errors) enable rapid isolation and safety mechanisms.
In an embodiment, the error detection unit 110 is configured to receive the assigned code and detect a frequency of the at least one assigned error code in a predefined time-interval. The error detection unit 110 is designed to receive the assigned error codes from the log analysis unit 108 and continuously monitor the frequency of each unique error type within a predefined time interval. Further, the error detection unit 110 timestamps the event and stores the timestamps in a rolling buffer or event log indexed by error type. Furthermore, by using a sliding time window or a cyclic buffer, the unit computes the occurrence of each error type within the specified interval (such as, but not limited to, every 5 seconds, 30 seconds, or 1 minute). The approaches for frequency detection include time-based counters, real-time analytics engines, and dynamic threshold monitoring. The error detection unit 110 also applies weight-based scoring for more critical errors, contributing more heavily to frequency scoring. Additionally, the error detection unit 110 correlates patterns across different error codes to detect compound or cascading faults. The error detection unit 110 enables detection of systemic or repetitive anomalies that signal a cyberattack, hardware fault, or protocol malfunction. The frequent recurrence of an error within a short time window indicates a higher probability of an active fault condition. The advantages of the error detection unit 110 include real-time detection of persistent or escalating threats such as DoS (Denial of Service) attacks or ECU misbehaviour, minimized false alarms by focusing on sustained error activity, context-aware operation, as the time-interval can be dynamically tuned based on vehicle state and heightened reliability in electric vehicles.
In an embodiment, the error detection unit 110 is configured to compare the frequency of the at least one assigned error code with a threshold frequency value and generate an instruction signal based on the comparison. The error detection unit 110 computes the frequency of each received error code within a predefined time interval and performs a comparative analysis against a preset or dynamically adaptive threshold frequency value. The threshold represents the maximum tolerable error occurrences for a given type before the system considers the error critical. Further, the frequency of any particular error code meets or exceeds the threshold, the error detection unit 110 generates an instruction signal, which includes parameters such as the type of error, the affected communication path, and the urgency level. The approaches applied include static thresholding (based on manufacturer specifications), adaptive thresholds (adjusted via historical trends or machine learning), and confidence-weighted scoring (different error types have variable sensitivity). The generation of the instruction signal is event-driven or time-scheduled, ensuring timely transmission to downstream units such as, but not limited to, the path control unit 112 or the gateway controller 104. The error detection unit 110 enables intelligent, threshold-based decision-making that distinguishes between harmless noise and significant communication faults or intrusions. Furthermore, by triggering an instruction signal only when error frequency becomes abnormal, the system avoids unnecessary interventions and maintains vigilance. The advantages of error detection unit 110 include proactive response to repeated anomalies before system failure occurs, fine-grained control, allowing differentiated handling based on error severity or origin, robust real-time security enforcement in connected systems, especially electric vehicles, as repeated errors signal causes serious issues such as battery communication faults or unauthorized reprogramming attempts and modularity, enabling integration with broader vehicle security frameworks or OTA (Over-the-Air) monitoring systems.
In an embodiment, the error detection unit 110 is configured to send the generated instruction signal to the path control unit 112. Specifically, as the error detection unit 110 generates an instruction signal based on the comparison between the observed error frequency and a threshold, the error detection unit 110 transmits the signal to the path control unit 112. The communication is typically established via a secure internal vehicle network bus (such as, but not limited to CAN or Ethernet), a dedicated control line, or a shared memory interface, depending on the system architecture. The instruction signal includes structured metadata such as the error code, source node, timestamp, frequency count, and recommended action (such as isolate node, block port, filter ID). The approaches used for transmission include prioritized message queues, real-time messaging protocols (such as SOME/IP or DoIP in modern vehicles), and integrity-verified signal handoffs to ensure that the instruction is securely and accurately received. The instruction signal enables a responsive and decentralized decision-making framework, as the error detection module acts as a mediator between passive anomaly observation and active system intervention. The configuration reduces processing burden on the central gateway and increases the speed of incident handling. The advantages of the instruction signal include modularity, enabling flexible configuration across various vehicle models or network layouts, rapid threat mitigation, as action is taken immediately upon threshold breach, reduced likelihood of false positives affecting vehicle performance, as only confirmed, frequent anomalies trigger response and critical relevance in electric vehicles, where repeated communication faults such as those in powertrain, BMS (Battery Management System), or charging modules require fast isolation to ensure safety and component protection.
In an embodiment, the path control unit 112 is configured to receive the generated instruction signal and filter the at least one communication log based on the generated instruction signal. The path control unit 112 is designed to receive the instruction signal generated by the error detection unit 110, which contains information about detected anomalies, such as, but not limited to, the error type, affected nodes, communication identifiers (e.g., message IDs), and recommended action. Subsequently, after receiving the signal, the path control unit analyzes the parameters and proceeds to filter the corresponding communication logs or real-time messages within the network. The filtering process involves suppressing specific message identifiers (IDs), disabling transmission routes between certain nodes, or dropping packets that match known abnormal patterns. The approaches used for filtering include rule-based filtering, dynamic message blacklisting, port-level blocking, and ECU-level isolation. The filtering is also applied in real-time using hardware-based firewalls in the central gateway or software modules deployed on ECUs. The filtering ensures only valid, non-malicious communication continues within the network. Further, the filtering process enables the isolation and mitigation of abnormal or harmful communication in the vehicle network. Further, by targeting only the communication patterns identified as faulty or malicious, the system ensures that legitimate data flow is preserved and blocks only the affected segments. The advantages of the filtering include enhanced network security by preventing the spread of corrupted or compromised messages, reduced risk of malfunction in critical vehicle systems such as braking, steering, or battery control minimal system disruption, since filtering is precise and based on real-time diagnostics and high relevance for electric vehicles, where uninterrupted communication is crucial for managing energy systems, thermal controls, and charger coordination.
In accordance with a second aspect, there is described a method for securing a connected network, the method comprises:
- fetching at least one communication log between the at least one source network terminal and the base network terminal, via a communication log unit;
- assigning an identified communication log with at least one error code, via a log analysis unit;
- detecting a frequency of the at least one assigned error code in a predefined time-interval, via an error detection unit;
- comparing the frequency of the at least one assigned error code with a threshold frequency value, via the error detection unit; and
- filtering the at least one communication log based on a generated instruction signal, via a path control unit.
Figure 3 describes a method 200 for securing a connected network. The method 200 starts at a step 202. At the step 202, the method 200 comprises fetching at least one communication log between the at least one source network terminal and the base network terminal, via a communication log unit 106. At a step 204, the method 200 comprises assigning an identified communication log with at least one error code, via a log analysis unit 108. At a step 206, the method 200 comprises detecting a frequency of the at least one assigned error code in a predefined time-interval, via an error detection unit 110. At a step 208, the method 200 comprises comparing the frequency of the at least one assigned error code with a threshold frequency value, via the error detection unit 110. At a step 210, the method 200 comprises filtering the at least one communication log based on a generated instruction signal, via a path control unit 112.
In an embodiment, the method 200 comprises receiving the fetched communication log and comparing the received communication log with a preset communication log stored in the memory unit 116.
In an embodiment, the method 200 comprises identifying at least one deviation of the communication log based on the comparison and assigning the identified communication log with at least one error code.
In an embodiment, the method 200 comprises transferring the at least one assigned error code to the error detection unit 110.
In an embodiment, the method 200 comprises receiving the assigned code and detect a frequency of the at least one assigned error code in a predefined time-interval.
In an embodiment, the method 200 comprises sending the generated instruction signal to the path control unit 112.
In an embodiment, the method 200 comprises receiving the generated instruction signal and filtering the at least one communication log based on the generated instruction signal.
In an embodiment, the method 200 comprises receiving the fetched communication log and comparing the received communication log with a preset communication log stored in the memory unit 116. Further, the method 200 comprises identifying at least one deviation of the communication log based on the comparison and assigning the identified communication log with at least one error code. Furthermore, the method 200 comprises transferring the at least one assigned error code to the error detection unit 110. Furthermore, the method 200 comprises receiving the assigned code and detecting a frequency of the at least one assigned error code in a predefined time-interval. Furthermore, the method 200 comprises sending the generated instruction signal to the path control unit 112. Furthermore, the method 200 comprises receiving the generated instruction signal and filtering the at least one communication log based on the generated instruction signal.
In an embodiment, the method 200 comprises fetching at least one communication log between the at least one source network terminal and the base network terminal, via a communication log unit 106. Furthermore, the method 200 comprises assigning an identified communication log with at least one error code, via a log analysis unit 108. Furthermore, the method 200 comprises detecting a frequency of the at least one assigned error code in a predefined time-interval, via an error detection unit 110. Furthermore, comparing the frequency of the at least one assigned error code with a threshold frequency value, via the error detection unit 110. Furthermore, the method 200 comprises filtering the at least one communication log based on a generated instruction signal, via a path control unit 112.
Based on the above-mentioned embodiments, the present disclosure provides significant advantages by enhancing the cybersecurity and operational reliability of connected networks. Specifically, by incorporating a gateway controller that monitors communication log delays, the system detects timing-based anomalies in the connected network communication.
It would be appreciated that all the explanations and embodiments of the system 100 also apply mutatis-mutandis to the method 200.
In the description of the present invention, it is also to be noted that, unless otherwise explicitly specified or limited, the terms “disposed,” “mounted,” and “connected” are to be construed broadly, and may for example be fixedly connected, detachably connected, or integrally connected, either mechanically or electrically. They may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meaning of the above terms in the present invention can be understood in specific cases to those skilled in the art.
Modifications to embodiments and combinations of different embodiments of the present disclosure described in the foregoing are possible without departing from the scope of the present disclosure as defined by the accompanying claims. Expressions such as “including”, “comprising”, “incorporating”, “have”, and “is” used to describe and claim the present disclosure are intended to be construed in a non-exclusive manner, namely allowing for items, components or elements not explicitly described also to be present. Reference to the singular is also to be construed to relate to the plural where appropriate.
Although embodiments have been described with reference to a number of illustrative embodiments thereof, it should be understood that numerous other modifications and embodiments can be devised by those skilled in the art that will fall within the spirit and scope of the principles of this disclosure. More particularly, various variations and modifications are possible in the component parts and/or arrangements of the subject combination arrangement within the scope of the present disclosure, the drawings, and the appended claims. In addition to variations and modifications in the component parts and/or arrangements, alternative uses will also be apparent to those skilled in the art.
,CLAIMS:WE CLAIM:
1. A system (100) for securing a connected network, the system (100) comprises:
- at least one source network terminal (102);
- a gateway controller (104) communicably coupled with the at least one source network terminal (102), wherein the gateway controller (104) comprises:
- a communication log unit (106);
- a log analysis unit (108);
- an error detection unit (110); and
- a path control unit (112);
- a base network terminal (114) communicably connected to the gateway controller (104),
wherein the gateway controller (104) is configured to control the operation of the at least one source network terminal (102) based on a delay associated with at least one communication log.

2. The system (100) as claimed in claim 1, wherein the gateway controller (104) comprises a memory unit (116) communicably coupled with the communication log unit (106), the log analysis unit (108), the error detection unit (110) and the path control unit (112).

3. The system (100) as claimed in claim 1, wherein the at least one source network terminal (102) comprises at least one sub-system of an electric vehicle ecosystem, wherein the at least one sub-system comprises a swappable battery, an inverter controller, and at least one electronic control unit.

4. The system (100) as claimed in claim 1, wherein the communication log unit (106) is configured to fetch the at least one communication log between the at least one source network terminal (102) and the base network terminal (104).

5. The system (100) as claimed in claim 1, wherein the log analysis unit (108) is configured to receive the fetched communication log and compare the received communication log with a preset communication log stored in the memory unit (116).

6. The system (100) as claimed in claim 1, wherein the log analysis unit (108) is configured to identify at least one deviation of the communication log based on the comparison and assign the identified communication log with at least one error code.

7. The system (100) as claimed in claim 1, wherein the log analysis unit (108) is configured to transfer the at least one assigned error code to the error detection unit (110).

8. The system (100) as claimed in claim 1, wherein the error detection unit (110) is configured to receive the assigned code and detect a frequency of the at least one assigned error code in a predefined time-interval.

9. The system (100) as claimed in claim 1, wherein the error detection unit (110) is configured to compare the frequency of the at least one assigned error code with a threshold frequency value and generate an instruction signal based on the comparison.

10. The system (100) as claimed in claim 1, wherein the error detection unit (110) is configured to send the generated instruction signal to the path control unit (112).

11. The system (100) as claimed in claim 1, wherein the path control unit (112) is configured to receive the generated instruction signal and filter the at least one communication log based on the generated instruction signal.

12. A method (200) for securing a connected network, the method (200) comprising:
- fetching at least one communication log between the at least one source network terminal and the base network terminal, via a communication log unit (106);
- assigning an identified communication log with at least one error code, via a log analysis unit (108);
- detecting a frequency of the at least one assigned error code in a predefined time-interval, via an error detection unit (110);
- comparing the frequency of the at least one assigned error code with a threshold frequency value, via the error detection unit (110); and
- filtering the at least one communication log based on a generated instruction signal, via a path control unit (112).