
WO2025028004A1 - Detection system, detection device, response device, and detection method - Google Patents


Info

Publication number
WO2025028004A1
Authority
WO
WIPO (PCT)
Prior art keywords
response
response data
detection
network
transmission path
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
PCT/JP2024/020159
Other languages
French (fr)
Japanese (ja)
Inventor
三好孝典
清水晶太
櫻澤聡
加藤勇夫
松本勉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sumitomo Electric Industries Ltd
Yokohama National University NUC
Original Assignee
Sumitomo Electric Industries Ltd
Yokohama National University NUC

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks

Definitions

  • the present disclosure relates to detection systems, detection devices, response devices and detection methods.
  • This application claims priority based on Japanese Patent Application No. 2023-125266, filed on August 1, 2023, the disclosure of which is incorporated herein in its entirety.
  • Patent Document 1 (JP Patent Publication 2003-191804A) discloses the following vehicle communication system. A plurality of electrical devices mounted on a vehicle are provided with communication means for performing data communication via communication lines wired to the vehicle, enabling data to be transmitted and received between each of the electrical devices. Each of the electrical devices is provided with a plurality of communication means for communicating the same data using different communication lines, and a selection means for selecting normal received data from a plurality of received data obtained by communication using the plurality of communication means. One of the plurality of communication means is a low-speed communication means for performing data communication at a communication speed slower than the other communication means, thereby making the reliability of data communication by the low-speed communication means higher than that of the other communication means.
  • the detection system of the present disclosure includes a response device and a detection device that detects an abnormality in a network including the response device and a transmission path, the detection device transmits response data generation information used to generate response data to the response device via a first transmission path, the response device generates the response data based on the response data generation information received from the detection device and transmits the generated response data to the detection device via a second transmission path, the detection device detects an abnormality in the network based on reference information based on the configuration of the network and the response data transmitted by the response device, and at least one of the first transmission path and the second transmission path includes a main transmission path that transmits a main signal in the network.
  • One aspect of the present disclosure can be realized not only as a detection system equipped with such characteristic processing units, but also as a program for causing a computer to execute such characteristic processing steps, or as a semiconductor integrated circuit that realizes part or all of the detection system.
  • FIG. 1 is a diagram illustrating a configuration of a detection system according to a first embodiment of the present disclosure.
  • FIG. 2 is a diagram illustrating a configuration of a detection device in the detection system according to the first embodiment of the present disclosure.
  • FIG. 3 is a diagram showing a configuration of a response device in the detection system according to the first embodiment of the present disclosure.
  • FIG. 4 is a diagram illustrating a configuration of a detection system according to a first modification of the first embodiment of the present disclosure.
  • FIG. 5 is a diagram illustrating a configuration of a detection system according to a second modification of the first embodiment of the present disclosure.
  • FIG. 6 is a diagram illustrating an example of a sequence of a detection process in the detection system according to the first embodiment of the present disclosure.
  • FIG. 7 is a diagram illustrating an example of a sequence of a detection process in the detection system according to the first modification of the first embodiment of the present disclosure.
  • FIG. 8 is a diagram illustrating a configuration of a detection system according to the second embodiment of the present disclosure.
  • FIG. 9 is a diagram illustrating a configuration of a detection device in a detection system according to the second embodiment of the present disclosure.
  • FIG. 10 is a diagram showing a configuration of a response device in a detection system according to a second embodiment of the present disclosure.
  • FIG. 11 is a diagram illustrating a configuration of a detection system according to a third modification of the second embodiment of the present disclosure.
  • FIG. 12 is a diagram illustrating a configuration of a response device in a detection system according to a third modification of the second embodiment of the present disclosure.
  • FIG. 13 is a diagram illustrating an example of a sequence of a detection process in the detection system according to the second embodiment of the present disclosure.
  • FIG. 14 is a diagram illustrating an example of a sequence of a detection process in a detection system according to a third modification of the second embodiment of the present disclosure.
  • the present disclosure has been made to solve the above-mentioned problems, and its purpose is to provide a detection system, detection device, response device, and detection method that can improve security in a network.
  • a detection system includes a response device and a detection device that detects an abnormality in a network including the response device and a transmission path, the detection device transmits response data generation information used to generate response data to the response device via a first transmission path, the response device generates the response data based on the response data generation information received from the detection device and transmits the generated response data to the detection device via a second transmission path, the detection device detects an abnormality in the network based on reference information based on the configuration of the network and the response data transmitted by the response device, and at least one of the first transmission path and the second transmission path includes a main transmission path that transmits a main signal in the network.
  • the first transmission path may be the main transmission path and the second transmission path may be a dedicated line used to detect abnormalities in the network, or the second transmission path may be the main transmission path and the first transmission path may be a dedicated line used to detect abnormalities in the network.
  • This configuration makes it possible to detect network anomalies while minimizing the impact on communications using the main transmission line.
  • the first transmission path may be the dedicated line, and the second transmission path may be the main transmission path.
  • the detection unit 33 uses the response data generation information Ga transmitted to the response device 101A via the transmission unit 31 and each piece of key information K in the storage unit 34 to generate multiple pieces of generated data Ma corresponding to multiple pieces of response data Ra respectively corresponding to the multiple response devices 101A connected to the transmission line 2A.
  • the generated data Ma is a hash value.
  • the detection unit 33 compares the response data Ra with the generated data Ma for each response device 101A based on the response data Ra and ID received from the receiving unit 32. For example, the detection unit 33 determines that the detection condition C1 is met when at least one of the multiple response data Ra received by the receiving unit 32 does not match the generated data Ma corresponding to the response device 101A that sent the response data Ra. On the other hand, the detection unit 33 determines that the detection condition C1 is not met when the multiple response data Ra received by the receiving unit 32 match each of the multiple generated data Ma that it generated.
  • the detection unit 33 also refers to the reference information RFa and compares the number of response data R received by the receiving unit 32 in a predetermined reception period TRa with the number of response devices 101A connected to the transmission line 1A.
  • the reception period TRa is set in advance according to the transmission timing of the response data generation information G in the detection system 401 and the required time TM indicated by the reference information RFa.
  • the reception period TRa is the period from the transmission timing ta of the response data generation information Ga by the detection device 301A to the transmission timing tb of the response data generation information Gb by the detection device 301B.
  • the detection unit 33 determines that the detection condition C2 is satisfied. On the other hand, if the number of response data R received by the receiving unit 32 in the reception period TRa is N, the detection unit 33 determines that the detection condition C2 is not satisfied.
  • the detection unit 33 also checks whether or not response data R has been received by the receiving unit 32 in a period other than the reception period TRa. For example, if there is response data R received by the receiving unit 32 in a period other than the reception period TRa, the detection unit 33 determines that the detection condition C3 is met. On the other hand, if there is no response data R received by the receiving unit 32 in a period other than the reception period TRa, the detection unit 33 determines that the detection condition C3 is not met.
  • the detection unit 33 detects an abnormality in the network NWa based on the result of the determination as to whether or not the detection conditions C1, C2, and C3 are satisfied. More specifically, when the detection unit 33 determines that at least one of the detection conditions C1, C2, and C3 is satisfied, it determines that an abnormality has occurred in the network NWa.
  • the detection unit 33 determines that there is an unauthorized device masquerading as the response device 101A. Also, for example, if detection condition C2 is satisfied and the number of response data R received by the receiving unit 32 during the reception period TRa is less than N, the detection unit 33 determines that a route blockage has occurred in the network NWa. Also, for example, if detection condition C2 is satisfied and the number of response data R received by the receiving unit 32 during the reception period TRa is greater than N, or if detection condition C3 is satisfied, the detection unit 33 determines that a detour has been inserted in the network NWa.
  • the detection unit 33 determines that an abnormality has occurred in the network NWa, it transmits abnormality information indicating that an abnormality has occurred in a message to the response device 101A via the transmission line 1A.
  • the detection unit 33 also notifies the user of the detection system 401 that an abnormality has occurred in the network NWa by voice or display.
  • the processing unit 23 may be configured not to transmit the abnormality information to the response device 101A and/or notify the user.
  • FIG. 4 is a diagram showing a configuration of a detection system according to a first modified example of the first embodiment of the present disclosure.
  • the detection system 402 includes a detection device 302 instead of the detection device 301A, and includes a response device 102A that is a response device 102 instead of the response device 101A, compared to the detection system 401.
  • the detection system 402 further includes a communication device 111C that is a communication device 111, a response device 102C that is a response device 102, and aggregation devices 201A and 201C, compared to the detection system 401.
  • the detection system 402 includes L response devices 102C and L communication devices 111C. In the example shown in FIG.
  • the communication device 111C is connected to each of the response devices 102C.
  • L is an integer equal to or greater than 2.
  • the detection system 402 may include one response device 102C and one communication device 111C.
  • each of the aggregation devices 201A and 201C will also be referred to as an aggregation device 201.
  • the response device 102A transmits the response data Ra based on the response data generation information Ga received from the detection device 302 to the aggregation device 201A via the transmission line 2A, including the response data Ra in a message.
  • the response device 102A transmits the response data Ra to the aggregation device 201A by frequency division multiplexing, time division multiplexing, or code division multiplexing the response data Ra to the transmission line 2A over which the main signal in the network NWa is transmitted.
  • the response device 102C also transmits response data Rc based on the response data generation information Ga received from the detection device 302 to the aggregation device 201C via the transmission line 2C, including the response data Rc in a message.
  • the response device 102C transmits the response data Rc to the aggregation device 201C by frequency division multiplexing, time division multiplexing, or code division multiplexing the response data Rc to the transmission line 2C over which the main signal in the network NWc is transmitted.
  • the detection device 302 receives the aggregated data RxA and RxC from the aggregation devices 201A and 201C via the transmission line 1A.
  • the detection device 302 performs detection processing based on the reference information RFac based on the configurations of the networks NW1a and NWc, and the aggregated data RxA and RxC received from the aggregation devices 201A and 201C.
  • the detection device 302 generates a plurality of generated data Ma corresponding to the plurality of response devices 102A connected to the transmission line 2A, and a plurality of generated data Mc corresponding to the plurality of response devices 102C connected to the transmission line 2C.
  • the detection device 302 compares the aggregated data RxA with the generated data Ma for each response device 102A, and compares the aggregated data RxC with the generated data Mc for each response device 102C.
  • the detection device 302 determines that the detection condition C1 is met when at least one of the multiple response data Ra aggregated in the aggregated data RxA does not match the generated data Ma corresponding to the response device 102A that sent the response data Ra.
  • the detection device 302 also determines that the detection condition C1 is met when at least one of the multiple response data Rc aggregated in the aggregated data RxC does not match the generated data Mc corresponding to the response device 102C that sent the response data Rc.
  • the detection device 302 determines that the detection condition C1 is not satisfied.
  • the aggregating device 201A may be configured to generate response data R based on response data generation information Ga received from the detection device 302, and generate aggregated data RxA by performing a predetermined process on the multiple response data Ra and the generated response data R.
  • the aggregating device 201C may be configured to generate response data R based on response data generation information Ga received from the detection device 302, and generate aggregated data RxC by performing a predetermined process on the multiple response data Rc and the generated response data R.
  • the aggregation device 201 may be configured to detect abnormalities in the networks NW1a and NWc based on the number of pieces of response data R received and the timing of receiving the response data R, similar to the detection device 302.
  • FIG. 5 is a diagram illustrating a configuration of a detection system according to Modification 2 of the first embodiment of the present disclosure.
  • detection system 403 includes detection device 303 instead of detection device 301A, and includes response device 103A instead of response device 101A.
  • the gateway device 121, the response device 103A, and the detection device 303 are connected to each other via a transmission line 2A.
  • logical transmission paths 2A1 and 2A2 are provided using the common physical transmission line 2A.
  • the communication device 111A communicates with the gateway device 121 and other communication devices 111A via the response device 103A and the transmission path 2A1. As an example, the communication device 111A transmits a message conforming to Modbus addressed to the other communication devices 111 to the gateway device 121 and other communication devices 111 via the response device 103A and the transmission path 2A1.
  • the detection device 303 and the response device 103A multiplex and transmit the response data generation information Ga and the response data Ra on the transmission line 2A.
  • the detection device 303 transmits the response data generation information Ga to the response device 103A via a logically independent transmission path 2A2 that is separate from the transmission path 2A1.
  • the detection device 303 transmits the response data generation information Ga to the response device 103A by frequency division multiplexing, time division multiplexing, or code division multiplexing the response data generation information Ga to the transmission line 2A through which the main signal in the network NWa is transmitted.
  • the response device 103A generates response data Ra based on the response data generation information Ga received from the detection device 303, and transmits the generated response data Ra to the detection device 303 via the transmission path 2A1.
  • the response device 103A transmits the response data Ra to the detection device 303 by frequency division multiplexing, time division multiplexing, or code division multiplexing the response data Ra onto the transmission line 2A over which the main signal in the network NWa is transmitted.
  • FIG. 6 is a diagram illustrating an example of a sequence of a detection process in the detection system according to the first embodiment of the present disclosure.
  • FIG. 6 illustrates the detection process in the detection device 301A.
  • the detection device 301 transmits response data generation information Ga to each response device 101A via the transmission line 1A (step S11).
  • each response device 101A generates response data Ra using the response data generation information Ga received from the detection device 301A and the key information K (step S12).
  • each response device 101A transmits the generated response data Ra to the detection device 301A via the transmission line 2A (step S13).
  • the detection device 301A performs detection processing based on the reference information RFa based on the configuration of the network NWa and the response data Ra received from the response device 101A. More specifically, the detection device 301A determines whether or not the detection condition C1 is satisfied by collating the received response data Ra with the generated data Ma for each response device 101A. The detection device 301A also determines whether or not the detection condition C2 is satisfied by referring to the reference information RFa and comparing the number of response data R received during the reception period TRa with the number of response devices 101A connected to the transmission line 1A. The detection device 301A also determines whether or not the detection condition C3 is satisfied based on the reception timing of the response data R. The detection device 301A determines whether or not an abnormality has occurred in the network NWa based on the determination results regarding the detection conditions C1, C2, and C3 (step S14).
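
The detection conditions C1 to C3 and the sequence S11 to S14 described above, as an added Python example that is not part of the patent text. It assumes HMAC-SHA256 as the hash, a dictionary of device IDs to keys standing in for reference information RFa, that C1 is the condition tied to masquerading (the page's sentence has lost its condition), and constructed device IDs, keys and timings.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


def make_response(key: bytes, ga: bytes) -> bytes:
    # Assumption: the page only says the data is "a hash value" derived from Ga
    # and key information K; HMAC-SHA256 is the construction chosen here.
    return hmac.new(key, ga, hashlib.sha256).digest()


@dataclass(frozen=True)
class Response:
    device_id: str  # ID sent along with the response data
    data: bytes     # response data Ra
    t: float        # reception time at the detection device, in seconds


def detect(reference, ga, ta, tb, received):
    """Evaluate C1, C2 and C3 for one round (step S14).

    reference: device ID -> key K (hypothetical stand-in for RFa)
    [ta, tb):  reception period TRa, from sending Ga to the next transmission
    """
    n = len(reference)  # number of response devices expected on the line
    in_period = [r for r in received if ta <= r.t < tb]
    outside = [r for r in received if not (ta <= r.t < tb)]

    # C1: a response does not match the generated data Ma for its sender.
    # Assumption: only in-period responses are collated, and an unknown ID
    # counts as a mismatch because no Ma exists for it.
    c1 = False
    for r in in_period:
        key = reference.get(r.device_id)
        if key is None or not hmac.compare_digest(make_response(key, ga), r.data):
            c1 = True

    c2 = len(in_period) != n  # C2: response count in TRa differs from N
    c3 = bool(outside)        # C3: a response arrived outside TRa

    findings = []
    if c1:  # assumed mapping, see lead-in
        findings.append("masquerading device")
    if c2 and len(in_period) < n:
        findings.append("route blockage")
    if (c2 and len(in_period) > n) or c3:
        findings.append("detour inserted")
    return {"C1": c1, "C2": c2, "C3": c3,
            "abnormal": c1 or c2 or c3, "findings": findings}


def run_scenarios():
    # Constructed sample data: three response devices with per-device keys.
    reference = {
        "101A-1": b"constructed-key-1",
        "101A-2": b"constructed-key-2",
        "101A-3": b"constructed-key-3",
    }
    ga = secrets.token_bytes(16)  # S11: fresh response data generation information
    ta, tb = 0.0, 1.0             # constructed reception period TRa

    # S12/S13: each legitimate device hashes Ga with its own key and replies.
    honest = [Response(dev, make_response(key, ga), 0.1 * (i + 1))
              for i, (dev, key) in enumerate(reference.items())]
    # A device that claims an ID without holding the provisioned key.
    wrong_key = Response("101A-2", make_response(b"not-the-provisioned-key", ga), 0.2)
    # The same valid response seen a second time, inside and outside TRa.
    copy_in = Response("101A-1", honest[0].data, 0.5)
    copy_late = Response("101A-1", honest[0].data, 1.4)

    scenarios = {
        "normal": honest,
        "masquerade": [honest[0], wrong_key, honest[2]],
        "blockage": honest[:2],
        "detour": honest + [copy_in],
        "late": honest + [copy_late],
    }
    return {name: detect(reference, ga, ta, tb, rs)
            for name, rs in scenarios.items()}


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:10s} {result}")
```
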
  • FIG. 7 is a diagram showing an example of a sequence of detection processing in a detection system according to a first modified example of the first embodiment of the present disclosure.
  • FIG. 7 shows detection processing in the detection device 302.
  • the detection device 302 transmits response data generation information Ga to the response devices 102A and 102C and the aggregation devices 201A and 201C via the transmission line 1A (step S21).
  • each response device 102A generates response data Ra using the response data generation information Ga and key information K received from the detection device 302. Also, each response device 102C generates response data Rc using the response data generation information Ga and key information K received from the detection device 302 (step S22).
  • each response device 102A transmits the generated response data Ra to the aggregation device 201A via the transmission line 2A. Also, each response device 102C transmits the generated response data Rc to the aggregation device 201C via the transmission line 2C (step S23).
  • the aggregating device 201A receives the multiple response data Ra transmitted by the multiple response devices 102A, and generates aggregated data RxA by aggregating the multiple received response data Ra.
  • the aggregating device 201C receives the multiple response data Rc transmitted by the multiple response devices 102C, and generates aggregated data RxC by aggregating the multiple received response data Rc (step S24).
  • the aggregation device 201A transmits the generated aggregated data RxA to the detection device 302 via the transmission line 1A.
  • the aggregation device 201C transmits the generated aggregated data RxC to the detection device 302 via the transmission line 1A (step S25).
  • the detection device 302 performs detection processing based on the reference information RFac based on the configuration of the networks NW1a and NWc and the aggregated data RxA and RxC received from the aggregation devices 201A and 201C. More specifically, the detection device 302 compares the received aggregated data RxA with the generated data Ma for each response device 102A, and compares the aggregated data RxC with the generated data Mc for each response device 102C, thereby determining whether or not the detection condition C1 is satisfied.
  • the detection device 302 also refers to the reference information RFa1 and compares the number of response data R aggregated in the aggregated data RxA and RxC with the number of response devices 102A and 102C connected to the transmission lines 2A and 2C, respectively, to determine whether or not the detection condition C2 is satisfied.
  • the detection device 302 also determines whether or not the detection condition C3 is satisfied based on the timing of receiving the response data R.
  • the detection device 302 determines whether an abnormality has occurred in the networks NW1a and NWc based on the results of the determination regarding the detection conditions C1, C2, and C3 (step S26).
  • the detection device 301A is configured to transmit the response data generation information Ga to the response device 101A via the transmission line 1A, but this is not limited to the above.
  • the detection device 301A may be configured to transmit the response data generation information Ga to the response device 101A via the transmission line 2A.
  • the response device 101A transmits the response data Ra to the detection device 301A via the transmission line 1A.
  • the detection device 301 may be configured to transmit the response data generation information G to the response device 101 by wireless communication instead of transmitting the response data generation information G to the response device 101 via the transmission line 1. Further, the response device 101 may be configured to transmit the response data R to the detection device 301 by wireless communication instead of transmitting the response data R to the detection device 301 via the transmission line 1.
  • the detection unit 33 is configured to detect an abnormality in the network NW based on the result of the determination as to whether or not the detection conditions C1, C2, and C3 are satisfied, but this is not limited to this.
  • the detection unit 33 may be configured to detect an abnormality in the network NW based on the result of the determination as to whether or not any one or two of the detection conditions C1, C2, and C3 are satisfied.
  • the detection device 301 transmits response data generation information G used to generate response data R to the response device 101 via transmission line 1A.
  • the response device 101 generates response data R based on the response data generation information G received from the detection device 301, and transmits the generated response data R to the detection device 301 via transmission line 1B.
  • the detection device 301 detects an abnormality in the network NW based on reference information RF based on the configuration of the network NW and the response data R transmitted by the response device 101.
  • At least one of the transmission lines 1A and 1B includes a main transmission path that transmits a main signal in the network NW.
  • this embodiment relates to a detection system 404 in which response devices are connected one-to-one via a transmission path that transmits a main signal.
  • the contents other than those described below are the same as those of the detection systems 401, 402, and 403 according to the first embodiment.
  • FIG. 8 is a diagram showing the configuration of a detection system according to a second embodiment of the present disclosure.
  • the detection system 404 includes response devices 104A, 104B, 104C, and 104D that are response devices 104, response devices 105A, 105B, 105C, and 105D that are response devices 105, communication devices 112A, 112B, 112C, and 112D that are communication devices 112, switch devices 141A and 141B that are switch devices 141, a gateway device 122, and detection devices 304A, 304B, 304C, and 304D that are detection devices 304.
  • the response device 104 is an example of a second response device.
  • the response device 105 is an example of a first response device.
  • the detection system 404 is not limited to a configuration including four detection devices 304, and may be a configuration including one detection device 304. In this case, the detection device 304 monitors all networks NW2, described below, in the detection system 404.
  • the response device 105 is a connector that can be attached to the communication device 112.
  • the response device 105A is attached to a communication port (not shown) of the communication device 112A.
  • the response device 105B is attached to a communication port (not shown) of the communication device 112B.
  • the response device 105C is attached to a communication port (not shown) of the communication device 112C.
  • the response device 105D is attached to a communication port (not shown) of the communication device 112D.
  • the detection system 404 includes networks NW2a and NW2b.
  • Network NW2a is composed of switch device 141A, response devices 104A, 104B, 105A, 105B, communication devices 112A, 112B, and transmission lines 4A, 4B.
  • Network NWb is composed of switch device 141B, response devices 104C, 104D, 105C, 105D, communication devices 112C, 112D, and transmission lines 4C, 4D.
  • each of networks NW2a and NW2b will also be referred to as network NW2.
  • the detection device 304 detects a path block in the network NW2 as an abnormality in the corresponding network NW2.
  • the path block includes a physical path block by cutting the transmission line 4, and a logical path block by adding an unauthorized filter device to the transmission line 4 that discards some or all messages.
  • communication devices 112C and 112D are communicatively connected to an external network via gateway device 122, while communication devices 112A and 112B are restricted from communicating with the external network. If a detour is inserted between networks NW2a and NW2b, communication devices 112A and 112B will be communicatively connected to the external network via gateway device 122, switch device 141B, and the detour. Therefore, detection device 304 detects the insertion of the detour as an abnormality in network NW2.
  • the response device 105 includes a connection switch 70 and a response unit 80.
  • the response unit 80 includes a communication unit 81, a processing unit 83, and a storage unit 84.
  • the communication unit 81 is an example of a receiving unit and an example of a transmitting unit.
  • the processing unit 83 is an example of a generating unit.
  • the communication unit 81 and the processing unit 83 are partly or entirely realized by a processing circuit including one or more processors.
  • the storage unit 84 is, for example, a non-volatile memory included in the processing circuit.
  • the storage unit 84 stores key information K unique to the response device 105.
  • the connection switch 70 connects or disconnects the transmission line 4 and the communication device 112.
  • the communication unit 81 and the communication device 112 may be connected or disconnected via the connection switch 70, or the connection state may be switchable.
  • the transmission line 4 and the communication unit 81 may always be connected via the connection switch 70, or may be disconnected when the transmission line 4 and the communication device 112 are connected.
  • the transmitting/receiving unit 41 in the detection device 304 receives aggregated data Rx2, which is an aggregate of response data R generated by the response devices 104, 105, via the transmission line 3.
  • the detection unit 42 performs detection processing to detect an abnormality in the network NW2, based on reference information RF2 based on the configuration of the network NW2 and the aggregated data Rx2 received by the transmitting/receiving unit 41.
  • the detection processing in the detection device 304A will be representatively described below.
  • the memory unit 43 in the detection device 304A stores reference information RF2a indicating two types of key information K for the response devices 104A and 105A connected to the transmission line 4A.
  • the transmitter/receiver 41 in the detection device 304A receives a message from the response device 104 via the transmission line 3A.
  • the transmitter/receiver 41 acquires aggregate data Rx2a from the received message and outputs the acquired aggregate data Rx2a to the detection unit 42.
  • the detection unit 42 compares the aggregated data Rx2a received from the transmission/reception unit 41 with the generated data Ma corresponding to the response device 104A and the generated data Ma corresponding to the response device 105A. For example, the detection unit 42 determines that the detection condition C1 is met when at least one of the two response data Ra aggregated in the aggregated data Rx2a does not match the corresponding generated data Ma. On the other hand, the detection unit 42 determines that the detection condition C1 is not met when the two response data Ra aggregated in the aggregated data Rx2a received by the transmission/reception unit 41 match the two pieces of generated data Ma.
  • the detection unit 42 determines that the detection condition C2 is satisfied. On the other hand, if the number of response data R aggregated in the aggregated data Rx2a is two, the detection unit 42 determines that the detection condition C2 is not satisfied.
  • the detection unit 42 also checks whether or not there is response data R received by the transmission/reception unit 41 during a period other than the reception period TRa. For example, if there is response data R received by the transmission/reception unit 41 separately from the aggregated data Rx2a, the detection unit 42 determines that the detection condition C3 is satisfied. On the other hand, if there is no response data R received by the transmission/reception unit 41 separately from the aggregated data Rx2a, the detection unit 42 determines that the detection condition C3 is not satisfied.
  • the detection unit 42 detects an abnormality in the network NW2a based on the result of the determination of whether or not the detection conditions C1, C2, and C3 are satisfied. More specifically, when the detection unit 42 determines that at least one of the detection conditions C1, C2, and C3 is satisfied, it determines that an abnormality has occurred in the network NW2a.
  • the detection unit 42 determines that there is an unauthorized device masquerading as the response device 104A, 105A. Also, for example, if detection condition C2 is satisfied and the number of response data R aggregated in aggregated data Rx2a is less than two, the detection unit 42 determines that a route blockage has occurred in the network NW2a. Also, for example, if detection condition C2 is satisfied and the number of response data R aggregated in aggregated data Rx2a is more than two, or if detection condition C3 is satisfied, the detection unit 42 determines that a detour has been inserted in the network NW2a.
  • When the detection unit 42 determines that an abnormality has occurred in the network NW2a, it transmits a message containing abnormality information, which indicates that an abnormality has occurred, to the response devices 104A, 105A via the transmission line 3A.
  • the detection unit 42 also notifies the user of the detection system 404 that an abnormality has occurred in the network NW2a by voice or display.
  • the detection unit 42 may be configured not to transmit the abnormality information to the response devices 104A, 105A and/or notify the user.
  • the detection unit 42 may also be configured to transmit a message indicating that an abnormality has occurred in the network NW2a to a user terminal owned by the user via a network not shown.
  • When the processing unit 83 in the response device 105A receives abnormality information from the detection device 304A via the transmission line 3A and the communication unit 81, it cuts off the electrical connection in the connection switch 70 between the transmission line 4A and the communication device 112A.
  • the processing unit 83 may be configured not to cut off the electrical connection between the transmission line 4A and the communication device 112A.
  • the processing unit 63 may be configured to output the response data R generated in the response device 105 and the response data R generated by the processing unit 63 to the communication unit 61, instead of generating aggregate data Rx2.
  • the communication unit 61 generates a message including the two response data R received from the processing unit 63, and transmits the generated message to the detection device 304 via the transmission line 3.
  • the response device 104 may be configured to detect abnormalities in the networks NW2a and NW2b based on the number of response data R received from the response device 104 and the timing of receiving the response data R, similar to the detection device 304.
  • the detection system 404 may be configured to include two response devices attached to the gateway device 122 and the switch device 141, respectively, and connected to each other via the transmission line 5, and a detection device that detects abnormalities in the network including the gateway device 122, the switch device, and the transmission line 5.
  • the detection device detects the path interruption and the insertion of a detour between the gateway device 122 and the switch device based on the response data R received from the two response devices.
  • the detection system 404 is not limited to a configuration including four detection devices 304, and may be configured to include one detection device 304 that monitors all of the networks NW2.
  • the detection device 304 transmits response data generation information Ga to the response devices 104A and 105A via the transmission line 3A, transmits response data generation information Gb to the response devices 104B and 105B via the transmission line 3B, transmits response data generation information Gc to the response devices 104C and 105C via the transmission line 3C, and transmits response data generation information Gd to the response devices 104D and 105D via the transmission line 3D.
  • the detection device 304 detects an abnormality in the network NW2a based on the reference information RF2a and the aggregated data Rx2a and Rx2b, and detects an abnormality in the network NW2b based on the reference information RF2b and the aggregated data Rx2c and Rx2d.
  • Fig. 11 is a diagram showing a configuration of a detection system according to a third modification of the second embodiment of the present disclosure.
  • the detection system 405 includes a detection device 305 instead of the detection device 304, response devices 106A, 106B, 106C, and 106D that are response devices 106 instead of the response devices 104A, 104B, 104C, and 104D, and response devices 107A, 107B, 107C, and 107D that are response devices 107 instead of the response devices 105A, 105B, 105C, and 105D.
  • the detection device 305 is connected to the gateway device 122 via a transmission line 6.
  • the transmission line 6 is, for example, an Ethernet cable.
  • the detection device 305 transmits response data generation information G used to generate response data R to the response devices 106 and 107. More specifically, the detection device 305 sets detection periods Pda, Pdb, Pdc, and Pdd, obtained by dividing the detection period Pd into four. During the detection period Pda, the detection device 305 includes response data generation information Ga in an Ethernet frame and transmits it by multicast to the response devices 106A and 107A. Furthermore, during the detection period Pdb, the detection device 305 includes response data generation information Gb in an Ethernet frame and transmits it by multicast to the response devices 106B and 107B.
  • the detection device 305 includes response data generation information Gc in an Ethernet frame and transmits it by multicast to the response devices 106C and 107C.
  • the detection device 305 includes response data generation information Gd in an Ethernet frame and transmits it by multicast to the response devices 106D and 107D.
  • FIG. 12 is a diagram showing the configuration of a response device in a detection system according to the third modification of the second embodiment of the present disclosure.
  • response device 106 is different from response device 104 in that it has a relay unit 51 instead of a connection switch 50.
  • Response device 107 is different from response device 105 in that it has a relay unit 71 instead of a connection switch 70.
  • the relay units 51 and 71 perform relay processing of Ethernet frames.
  • the response device 106 receives response data generation information G from the detection device 305 via the gateway device 122 and the corresponding switch device 141, and generates response data R based on the received response data generation information G.
  • the response device 106 includes the generated response data R in an Ethernet frame and transmits it to the detection device 305 via the corresponding switch device 141 and gateway device 122.
  • the response device 107 receives response data generation information G from the detection device 305 via the gateway device 122, the corresponding switch device 141, and the corresponding response device 106, and generates response data R based on the received response data generation information G.
  • the response device 107 includes the generated response data R in an Ethernet frame and transmits it to the detection device 305 via the corresponding response device 106, the corresponding switch device 141, and the gateway device 122.
  • detection device 305 detects anomalies in network NW2 based on reference information RF2 based on the configuration of network NW2 and response data R transmitted by response devices 106 and 107, respectively.
  • detection system 405 can detect anomalies in network NW2 without using transmission line 3.
  • the detection system 405 may be configured to include two response devices, in addition to or instead of the response devices 106 and 107, that are attached to the gateway device 122 and the switch device 141, respectively, and connected to each other via the transmission line 5.
  • the detection device 305 detects the path interruption and the insertion of a detour between the gateway device 122 and the switch device based on the response data R received from the two response devices.
  • FIG. 13 is a diagram illustrating an example of a sequence of a detection process in the detection system according to the second embodiment of the present disclosure.
  • Fig. 13 illustrates the detection process in the detection device 304A.
  • the detection device 304A transmits the response data generation information Ga to the response devices 104A and 105A via the transmission line 3A (step S31).
  • the response device 104A switches the state of the connection switch 50 to the second state described above. Also, the response device 105A switches the state of the connection switch 70 to the fourth state described above (step S32).
  • the response devices 104A and 105A generate response data Ra using the response data generation information Ga received from the detection device 304A and the key information K (step S33).
  • the response device 104A transmits the transmission command to the response device 105A via the transmission line 4A (step S34).
  • the response device 105A receives the transmission command and transmits the response data Ra to the response device 104A via the transmission line 4A (step S35).
  • the response device 104A transmits the generated aggregate data Rx2a to the detection device 304A via the transmission line 3A (step S37).
  • the detection device 304A performs detection processing based on the reference information RF2a based on the configuration of the network NW2a and the aggregated data Rx2a received from the response device 104A (step S38).
  • FIG. 14 is a diagram showing an example of a detection processing sequence in a detection system according to Variation 3 of the second embodiment of the present disclosure.
  • When the transmission timing ta arrives, the detection device 305 includes the response data generation information Ga in an Ethernet frame and transmits it by multicast to the response devices 106A and 107A (step S41).
  • the response devices 106A and 107A generate response data Ra using the response data generation information Ga received from the detection device 305 and the key information K (step S42).
  • the response device 106A includes the generated response data R in an Ethernet frame and transmits it to the detection device 305 via the switch device 141A and the gateway device 122 (step S43).
  • the response device 107A also includes the generated response data R in an Ethernet frame and transmits it to the detection device 305 via the response device 106A, the switch device 141A, and the gateway device 122 (step S44).
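
The detection conditions C1, C2 and C3 described above for detection device 304A can be sketched as follows. This is an added example, not code from the patent: HMAC-SHA256 as the way response data R is derived from G and K, the frame/timestamp model, and all key and challenge values are assumptions constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


def make_response(key_info: bytes, gen_info: bytes) -> bytes:
    """Response data R from key information K and generation information G.

    Assumption: HMAC-SHA256. The page only says R is generated from G and K.
    """
    return hmac.new(key_info, gen_info, hashlib.sha256).digest()


@dataclass
class Verdict:
    c1: bool = False  # a response does not match its generated data Ma
    c2: bool = False  # number of aggregated responses differs from expected
    c3: bool = False  # response data arrived outside the reception period
    findings: list = field(default_factory=list)

    @property
    def abnormal(self) -> bool:
        # Any single satisfied condition means the network is abnormal.
        return self.c1 or self.c2 or self.c3


def detect(reference_keys, gen_info, frames, reception_period) -> Verdict:
    """Evaluate C1-C3 for one network.

    reference_keys   -- reference information: one key K per expected device,
                        in the order the aggregator is assumed to use
    gen_info         -- the G sent for this detection round
    frames           -- [(arrival_time_s, [response, ...]), ...] as received
    reception_period -- (start_s, end_s) in which the aggregate is expected
    """
    start, end = reception_period
    aggregated, outside = [], 0
    for arrival, responses in frames:
        if start <= arrival <= end:
            aggregated.extend(responses)
        else:
            outside += len(responses)

    # The detection side recomputes the expected data from its own copy of K.
    generated = [make_response(k, gen_info) for k in reference_keys]

    v = Verdict()
    v.c1 = any(not hmac.compare_digest(r, m)
               for r, m in zip(aggregated, generated))
    v.c2 = len(aggregated) != len(generated)
    v.c3 = outside > 0

    if v.c1:
        v.findings.append("masquerading_device")
    if v.c2 and len(aggregated) < len(generated):
        v.findings.append("path_block")
    if (v.c2 and len(aggregated) > len(generated)) or v.c3:
        v.findings.append("detour_inserted")
    return v


# Constructed sample values (not from the page).
K_104A = b"constructed-key-104A"
K_105A = b"constructed-key-105A"
K_105C = b"constructed-key-105C"   # a device that belongs to the other network
G_A = b"constructed-Ga-round-0001"
G_C = b"constructed-Gc-round-0001"
RF2A = [K_104A, K_105A]            # reference information for network NW2a
TR_A = (0.000, 0.050)              # reception period, seconds after sending Ga


def scenarios():
    """Run the normal case and the three abnormality classes."""
    ra = [make_response(K_104A, G_A), make_response(K_105A, G_A)]
    foreign = make_response(K_105C, G_C)
    return {
        "normal": detect(RF2A, G_A, [(0.010, ra)], TR_A),
        "masquerade": detect(
            RF2A, G_A,
            [(0.010, [ra[0], make_response(b"guessed-key", G_A)])], TR_A),
        "path_block": detect(RF2A, G_A, [(0.010, [ra[0]])], TR_A),
        "extra_response": detect(RF2A, G_A, [(0.010, ra + [foreign])], TR_A),
        "late_response": detect(
            RF2A, G_A, [(0.010, ra), (0.120, [foreign])], TR_A),
    }


if __name__ == "__main__":
    for name, verdict in scenarios().items():
        print(f"{name:15s} abnormal={verdict.abnormal} {verdict.findings}")
```

The count and timing checks are what catch topology changes: a foreign device cannot produce a matching response without K, but even a response that is simply missing, surplus, or late is enough to flag the network.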

Abstract

A detection system comprising a response device and a detection device which detects an abnormality in a network containing the response device and transmission paths, wherein: the detection device transmits response data generation information to be used in the generation of response data to the response device via a first transmission path; the response device generates response data on the basis of the response data generation information received from the detection device and transmits the generated response data to the detection device via a second transmission path; the detection device detects an abnormality in the network on the basis of the response data and reference information based on the configuration of the network; and at least one of the first transmission path and the second transmission path includes a main transmission path for transmitting a main signal in the network.

Description

DETECTION SYSTEM, DETECTION DEVICE, RESPONSE DEVICE AND DETECTION METHOD

The present disclosure relates to detection systems, detection devices, response devices and detection methods.
This application claims priority based on Japanese Patent Application No. 2023-125266, filed on August 1, 2023, the disclosure of which is incorporated herein in its entirety.

Patent Document 1 (JP Patent Publication 2003-191804A) discloses the following vehicle communication system. That is, the vehicle communication system is a vehicle communication system in which a plurality of electrical devices mounted on a vehicle are provided with communication means for performing data communication via communication lines wired to the vehicle, enabling data to be transmitted and received between each of the electrical devices, and each of the electrical devices is provided with a plurality of communication means for communicating the same data using different communication lines, and a selection means for selecting normal received data from a plurality of received data obtained by communication using the plurality of communication means, and one of the plurality of communication means is a low-speed communication means for performing data communication at a communication speed slower than the other communication means, thereby making the reliability of data communication by the low-speed communication means higher than that of the other communication means.

JP 2003-191804 A

The detection system of the present disclosure includes a response device and a detection device that detects an abnormality in a network including the response device and a transmission path, the detection device transmits response data generation information used to generate response data to the response device via a first transmission path, the response device generates the response data based on the response data generation information received from the detection device and transmits the generated response data to the detection device via a second transmission path, the detection device detects an abnormality in the network based on reference information based on the configuration of the network and the response data transmitted by the response device, and at least one of the first transmission path and the second transmission path includes a main transmission path that transmits a main signal in the network.

One aspect of the present disclosure can be realized not only as a detection system equipped with such characteristic processing units, but also as a program for causing a computer to execute such characteristic processing steps, or as a semiconductor integrated circuit that realizes part or all of the detection system.

FIG. 1 is a diagram illustrating a configuration of a detection system according to a first embodiment of the present disclosure.
FIG. 2 is a diagram illustrating a configuration of a detection device in the detection system according to the first embodiment of the present disclosure.
FIG. 3 is a diagram showing a configuration of a response device in the detection system according to the first embodiment of the present disclosure.
FIG. 4 is a diagram illustrating a configuration of a detection system according to a first modification of the first embodiment of the present disclosure.
FIG. 5 is a diagram illustrating a configuration of a detection system according to a second modification of the first embodiment of the present disclosure.
FIG. 6 is a diagram illustrating an example of a sequence of a detection process in the detection system according to the first embodiment of the present disclosure.
FIG. 7 is a diagram illustrating an example of a sequence of a detection process in the detection system according to the first modification of the first embodiment of the present disclosure.
FIG. 8 is a diagram illustrating a configuration of a detection system according to the second embodiment of the present disclosure.
FIG. 9 is a diagram illustrating a configuration of a detection device in a detection system according to the second embodiment of the present disclosure.
FIG. 10 is a diagram showing a configuration of a response device in a detection system according to a second embodiment of the present disclosure.
FIG. 11 is a diagram illustrating a configuration of a detection system according to a third modification of the second embodiment of the present disclosure.
FIG. 12 is a diagram illustrating a configuration of a response device in a detection system according to a third modification of the second embodiment of the present disclosure.
FIG. 13 is a diagram illustrating an example of a sequence of a detection process in the detection system according to the second embodiment of the present disclosure.
FIG. 14 is a diagram illustrating an example of a sequence of a detection process in a detection system according to a third modification of the second embodiment of the present disclosure.

Technologies have been developed to improve the reliability of data communications in networks.

[Problem to be solved by the present disclosure]
There is a demand for technology that can improve security in a network beyond the technology described in Patent Document 1.

The present disclosure has been made to solve the above-mentioned problems, and its purpose is to provide a detection system, detection device, response device, and detection method that can improve security in a network.

[Effects of the present disclosure]
According to the present disclosure, security in a network can be improved.

[Description of the embodiments of the present disclosure]
First, the contents of the embodiments of the present disclosure will be listed and described.

(1) A detection system according to an embodiment of the present disclosure includes a response device and a detection device that detects an abnormality in a network including the response device and a transmission path, the detection device transmits response data generation information used to generate response data to the response device via a first transmission path, the response device generates the response data based on the response data generation information received from the detection device and transmits the generated response data to the detection device via a second transmission path, the detection device detects an abnormality in the network based on reference information based on the configuration of the network and the response data transmitted by the response device, and at least one of the first transmission path and the second transmission path includes a main transmission path that transmits a main signal in the network.

In this way, by using a configuration that detects network anomalies based on reference information based on the network configuration and response data transmitted over a transmission path, it is possible to detect changes in the network configuration as a network anomaly, for example, based on the results of comparing the reference information with the response data. This makes it possible to improve security in the network.

(2) In the above (1), the first transmission path may be the main transmission path and the second transmission path may be a dedicated line used to detect abnormalities in the network, or the second transmission path may be the main transmission path and the first transmission path may be a dedicated line used to detect abnormalities in the network.

This configuration makes it possible to detect network anomalies while minimizing the impact on communications using the main transmission line.

(3) In the above (2), the first transmission path may be the dedicated line, and the second transmission path may be the main transmission path.

With this configuration, for example, response data generation information can be flexibly sent to multiple response devices using a dedicated line.

(4) In any of (1) to (3) above, the response device may generate the response data further based on unique information of the response device and transmit the generated response data to the detection device via the second transmission path, and the reference information may include the unique information. The detection device may generate generated data based on the unique information included in the reference information and the response data generation information transmitted to the response device, compare the received response data with the generated data, and detect an abnormality in the network based on the comparison result.

With this configuration, for example, the presence of a fraudulent device masquerading as a response device can be detected as a network anomaly based on the results of comparing response data generated in the response device with response data generated in the detection device based on reference information.

(5) In any of (1) to (4) above, the detection device may detect an anomaly in the network based on the number of pieces of response data received.

With this configuration, for example, if the number of received response data is greater than the number of response devices in the network, it can be determined that a detour has been inserted in the network, and if the number of received response data is less than the number of response devices in the network, it can be determined that a route blockage has occurred in the network.

(6) In any of (1) to (5) above, the detection device may detect an abnormality in the network based on the timing of receiving the response data.

With this configuration, for example, if the timing of receiving the response data differs from the timing corresponding to the timing of sending the response data generation information, it can be determined that a detour has been inserted to transmit the response data generated in another network.

(7) In any of (1) to (6) above, the first logical transmission path and the second logical transmission path may be provided using a common physical transmission line, and the detection device and the response device may multiplex and transmit the response data generation information and the response data on the transmission line.

This configuration makes it possible to detect network anomalies without using a transmission line separate from the main transmission line in the network.

(8) In any of (1) to (7) above, the detection system may further include an aggregation device, and the aggregation device may generate aggregated data in which the multiple response data generated by the multiple response devices are aggregated, and transmit the generated aggregated data to the detection device.

This configuration can reduce the increase in communication traffic caused by the transmission of response data, and can also improve the efficiency of verifying response data in the detection device.

(9) A detection system according to an embodiment of the present disclosure includes a first response device, a second response device, and a detection device that detects an abnormality in a network including the first response device, the second response device, and a transmission path, wherein the detection device transmits response data generation information used to generate response data to the first response device and the second response device via a first transmission path, the first response device generates first response data, which is the response data, based on the response data generation information received from the detection device, and transmits the generated first response data to the second response device via a second transmission path, the second response device generates second response data, which is the response data, based on the response data generation information received from the detection device, and transmits the generated second response data and the first response data received from the first response device to the detection device, and the detection device detects an abnormality in the network based on reference information based on the configuration of the network, the first response data transmitted by the first response device, and the second response data transmitted by the second response device, and at least one of the first transmission path and the second transmission path includes a main transmission path that transmits a main signal in the network.

With this configuration, a network abnormality is detected based on reference information based on the network configuration and on response data transmitted over a transmission path, so a change in the network configuration can be detected as a network abnormality, for example from the result of comparing the reference information with the response data. Security in the network can therefore be improved.

(10) A detection device according to an embodiment of the present disclosure includes: a transmission unit that transmits response data generation information, which is used to generate response data, to a response device in a network via a first transmission path; a reception unit that receives, via a second transmission path, the response data that is based on the response data generation information and was transmitted by the response device; and a detection unit that detects an abnormality in the network based on reference information based on the configuration of the network and the response data received by the reception unit. At least one of the first transmission path and the second transmission path includes a main transmission path that transmits a main signal in the network.

With this configuration, response data generation information is transmitted to a response device via a transmission path, and a network abnormality is detected based on reference information based on the network configuration and on the response data received via the transmission path, so a change in the network configuration can be detected as a network abnormality, for example from the result of comparing the reference information with the response data. Security in the network can therefore be improved.

(11) A response device according to an embodiment of the present disclosure is a response device attached to a communication device in a network, and includes: a receiving unit that receives response data generation information, which is used to generate response data, via a first transmission path from a detection device that detects an abnormality in the network; a generation unit that generates the response data based on the response data generation information received by the receiving unit; and a transmission unit that transmits the response data generated by the generation unit to another device via a second transmission path. At least one of the first transmission path and the second transmission path includes a main transmission path that transmits a main signal in the network.

With this configuration, a response device attached to a communication device in a network transmits, via a transmission path, response data based on response data generation information received via a transmission path to another device. That other device can then, for example, detect a change in the network configuration as a network abnormality from the result of comparing information based on the network configuration with the response data received from the response device. Security in the network can therefore be improved.

(12) A response device according to an embodiment of the present disclosure includes: a receiving unit that receives response data generation information, which is used to generate response data, via a first transmission path from a detection device that detects an abnormality in a network; a generation unit that generates the response data based on the response data generation information received by the receiving unit; and a transmission unit that transmits the response data generated by the generation unit to another device via a second transmission path. Either the first transmission path is a main transmission path that transmits a main signal in the network and the second transmission path is a dedicated line used to detect abnormalities in the network, or the second transmission path is the main transmission path and the first transmission path is a dedicated line used to detect abnormalities in the network.

With this configuration, the main transmission path that transmits the main signal in the network and a dedicated line are used to receive response data generation information and to transmit response data to another device. This limits the impact on communication over the main transmission path while allowing the other device, for example, to detect a change in the network configuration as a network abnormality from the result of comparing information based on the network configuration with the response data received from the response device. Security in the network can therefore be improved.

(13) A detection method according to an embodiment of the present disclosure is a detection method in a detection system that includes a response device and a detection device that detects an abnormality in a network including the response device and a transmission path. The method includes: a step in which the detection device transmits response data generation information, which is used to generate response data, to the response device via a first transmission path; a step in which the response device generates the response data based on the response data generation information received from the detection device and transmits the generated response data to the detection device via a second transmission path; and a step in which the detection device detects an abnormality in the network based on reference information based on the configuration of the network and the response data transmitted by the response device. At least one of the first transmission path and the second transmission path includes a main transmission path that transmits a main signal in the network.

With this method, a network abnormality is detected based on reference information based on the network configuration and on response data transmitted over a transmission path, so a change in the network configuration can be detected as a network abnormality, for example from the result of comparing the reference information with the response data. Security in the network can therefore be improved.

Embodiments of the present disclosure are described below with reference to the drawings. Identical or equivalent parts in the drawings are given the same reference numerals, and their description is not repeated. At least some of the embodiments described below may be combined in any manner.

First Embodiment
[Configuration and basic operation]
Fig. 1 is a diagram showing the configuration of a detection system according to a first embodiment of the present disclosure. Referring to Fig. 1, the detection system 401 includes response devices 101A and 101B, which are response devices 101; communication devices 111A and 111B, which are communication devices 111; a gateway device 121; and detection devices 301A and 301B, which are detection devices 301. For example, the detection system 401 includes M response devices 101A, M communication devices 111A, N response devices 101B, and N communication devices 111B. M and N are integers equal to or greater than 2. The detection system 401 may instead include one response device 101A and one communication device 111A, or one response device 101B and one communication device 111B.

For example, the detection system 401 is used in a network in an industrial control system such as a factory or plant. In this case, the communication device 111 is, for example, a power supply control unit, a robot, a sensor, or a PLC (Programmable Logic Controller) for controlling an actuator.

The detection system 401 may also be used in a home network or an in-vehicle network. When the detection system 401 is used in an in-vehicle network, the communication device 111 and the detection device 301 are in-vehicle ECUs (Electronic Control Units).

For example, the response device 101 is a connector that can be attached to the communication device 111. In the example shown in Fig. 1, a response device 101A is attached to each of the communication devices 111A, and a response device 101B is attached to each of the communication devices 111B.

The gateway device 121 and the response devices 101A are connected in a one-to-many relationship. More specifically, the gateway device 121, the response devices 101A, and the detection device 301A are connected to each other via transmission line 2A, which is a transmission line 2. The detection device 301A and the response devices 101A are also connected to each other via transmission line 1A, which is a transmission line 1. Transmission lines 1 and 2 are physical transmission paths.

The gateway device 121 and the response devices 101B are connected in a one-to-many relationship. More specifically, the gateway device 121, the response devices 101B, and the detection device 301B are connected to each other via transmission line 2B, which is a transmission line 2. The detection device 301B and the response devices 101B are also connected to each other via transmission line 1B, which is a transmission line 1.

The detection system 401 includes networks NWa and NWb. Network NWa consists of the gateway device 121, the response devices 101A, the communication devices 111A, and transmission line 2A. Network NWb consists of the gateway device 121, the response devices 101B, the communication devices 111B, and transmission line 2B. Hereinafter, each of networks NWa and NWb is also referred to as network NW.

Transmission line 2A includes a main transmission path that transmits the main signal in network NWa. Transmission line 2B includes a main transmission path that transmits the main signal in network NWb. Transmission line 1A is a dedicated line used to detect abnormalities in network NWa. Transmission line 1B is a dedicated line used to detect abnormalities in network NWb. Transmission line 1 is an example of a first transmission path, and transmission line 2 is an example of a second transmission path.

Transmission lines 1 and 2 are, for example, transmission lines for serial communication conforming to standards such as RS (Recommended Standard)-232C, RS-422A, and RS-485. Transmission lines 1 and 2 may also be transmission lines conforming to other standards such as CAN (Controller Area Network) (registered trademark) and LIN (Local Interconnect Network).

Communication device 111A communicates with the gateway device 121 and other communication devices 111A via its corresponding response device 101A and transmission line 2A. Communication device 111B communicates with the gateway device 121 and other communication devices 111B via its corresponding response device 101B and transmission line 2B. As an example, a communication device 111 transmits a Modbus (registered trademark) message addressed to another communication device 111 to the gateway device 121 and the other communication devices 111 via its corresponding response device 101 and transmission line 2.

The gateway device 121 performs relay processing that relays, for example, messages exchanged between communication devices 111 connected via response devices 101 to different transmission lines 2, and messages exchanged between the communication devices 111 and an external network (not shown) outside the detection system 401. For example, communication device 111A sends and receives low-confidentiality messages and is communicatively connected to the external network via the gateway device 121. Communication device 111B, on the other hand, sends and receives highly confidential messages, and its communication connection to the external network is restricted.

Detection device 301A periodically or irregularly transmits response data generation information Ga, which is used to generate response data Ra, to the response devices 101A via transmission line 1A. Detection device 301B likewise periodically or irregularly transmits response data generation information Gb, which is used to generate response data Rb, to the response devices 101B via transmission line 1B. Hereinafter, each of response data Ra and Rb is also referred to as response data R, and each of response data generation information Ga and Gb is also referred to as response data generation information G.

Each response device 101A generates response data Ra based on the response data generation information Ga received from the detection device 301A, and transmits the generated response data Ra to the detection device 301A via transmission line 2A. For example, the response device 101A transmits the response data Ra to the detection device 301A by frequency-division, time-division, or code-division multiplexing the response data Ra onto transmission line 2A, over which the main signal in network NWa is transmitted.

Similarly, each response device 101B generates response data Rb based on the response data generation information Gb received from the detection device 301B, and transmits the generated response data Rb to the detection device 301B via transmission line 2B. For example, the response device 101B transmits the response data Rb to the detection device 301B by frequency-division, time-division, or code-division multiplexing the response data Rb onto transmission line 2B, over which the main signal in network NWb is transmitted.

The detection device 301A detects an abnormality in network NWa based on reference information RFa, which is based on the configuration of network NWa, and the response data Ra transmitted by the response devices 101A. The detection device 301B detects an abnormality in network NWb based on reference information RFb, which is based on the configuration of network NWb, and the response data Rb transmitted by the response devices 101B. More specifically, the detection device 301 detects a change in the network configuration of its corresponding network NW as an abnormality in that network NW. In other words, the detection device 301 detects a change in the network topology of the network NW as an abnormality in that network NW. Hereinafter, each of the reference information RFa and RFb is also referred to as reference information RF.

For example, the detection device 301 detects a path blockage in the network NW as an abnormality in its corresponding network NW. Path blockage includes physical path blockage caused by cutting transmission line 1, and logical path blockage caused by adding to transmission line 1 an unauthorized filter device that discards some or all messages.

As another example, the detection device 301 detects, as an abnormality in the network NW, the insertion of a detour between a response device 101A and a response device 101B, that is, a transmission path that does not pass through the gateway device 121. Insertion of a detour includes insertion of a physical detour by changing the wiring of transmission lines 1A and 1B, and insertion of a logical detour by inserting an unauthorized repeater that relays messages transmitted on one of transmission lines 1A and 1B to the other.

As described above, communication device 111A is communicatively connected to the external network via the gateway device 121, while the communication connection of communication device 111B to the external network is restricted. If a detour is inserted between a response device 101A and a response device 101B, communication device 111B becomes communicatively connected to the external network via the gateway device 121 and the detour. The detection device 301 therefore detects the insertion of the detour as an abnormality in the network NW.

(Transmission of response data generation information G)
Fig. 2 is a diagram showing the configuration of a detection device in the detection system according to the first embodiment of the present disclosure. Referring to Fig. 2, the detection device 301 includes a transmission unit 31, a reception unit 32, a detection unit 33, and a storage unit 34. Some or all of the transmission unit 31, the reception unit 32, and the detection unit 33 are realized, for example, by processing circuitry including one or more processors. The storage unit 34 is, for example, a non-volatile memory included in the processing circuitry.

The detection unit 33 periodically or irregularly generates response data generation information G and a verification start command, and outputs them to the transmission unit 31. The response data generation information G may be a random value of a predetermined length or may be a predetermined value. For example, when generating response data generation information G as a predetermined value, the detection unit 33 generates a value different from any response data generation information G generated in the past and outputs it to the transmission unit 31. As a result, even if an unauthorized device impersonating a response device 101 carries out a replay attack, the presence of the unauthorized device can be detected more reliably.

For example, the detection unit 33 in the detection device 301A generates response data generation information Ga and a verification start command at a predetermined transmission timing ta and outputs them to the transmission unit 31, and the detection unit 33 in the detection device 301B generates response data generation information Gb and a verification start command at a predetermined transmission timing tb, different from the transmission timing ta, and outputs them to the transmission unit 31.

The transmission unit 31 transmits the response data generation information G to each response device 101 via transmission line 1. More specifically, the transmission unit 31 in the detection device 301A receives the response data generation information Ga from the detection unit 33, includes the received response data generation information Ga and the verification start command in a message, and transmits the message to each response device 101A via transmission line 1A. The transmission unit 31 in the detection device 301B receives the response data generation information Gb from the detection unit 33, includes the received response data generation information Gb and the verification start command in a message, and transmits the message to each response device 101B via transmission line 1B.

(Transmission of response data R)
The transmission of response data R by the response device 101 is described below. Unless otherwise noted, the following description of the transmission of response data R applies to both response devices 101A and 101B.

Fig. 3 is a diagram showing the configuration of a response device in the detection system according to the first embodiment of the present disclosure. Referring to Fig. 3, the response device 101 includes a connection unit 10 and a response unit 20. The response unit 20 includes a receiving unit 21, a transmitting unit 22, a processing unit 23, and a storage unit 24. The processing unit 23 is an example of a generation unit. Some or all of the receiving unit 21, the transmitting unit 22, and the processing unit 23 are realized, for example, by processing circuitry including one or more processors. The storage unit 24 is, for example, a non-volatile memory included in the processing circuitry.

The connection unit 10 electrically connects transmission line 2 and the communication device 111. The communication device 111 receives messages transmitted by other communication devices 111 via transmission line 2 and the connection unit 10, and transmits messages addressed to other communication devices 111 via the connection unit 10 and transmission line 2.

The storage unit 24 in the response unit 20 of the response device 101 stores key information K that is unique to that response device 101. The key information K is an example of unique information.

The receiving unit 21 in the response unit 20 receives the response data generation information G from the detection device 301 via transmission line 1. More specifically, the receiving unit 21 receives a message from the detection device 301 via transmission line 1 and obtains the response data generation information G from the received message. The receiving unit 21 outputs the obtained response data generation information G to the processing unit 23.

The processing unit 23 generates response data R based on the response data generation information G. For example, the processing unit 23 generates the response data R further based on the key information K in the storage unit 24. More specifically, the processing unit 23 receives the response data generation information G from the receiving unit 21 and generates the response data R using the received response data generation information G and the key information K in the storage unit 24. The response data R may be a digital signature or a message authentication code. The processing unit 23 outputs the generated response data R to the transmitting unit 22.

The transmitting unit 22 transmits the response data R to the detection device 301 via transmission line 2. More specifically, the transmitting unit 22 receives the response data R from the processing unit 23, generates a message including the received response data R, and transmits the generated message to the detection device 301 via the connection unit 10 and transmission line 2.

(Detection process)
Referring again to Fig. 2, the reception unit 32 in the detection device 301 receives the response data R transmitted by the response device 101 via transmission line 2. The detection unit 33 performs a detection process that detects an abnormality in the network NW based on the reference information RF, which is based on the configuration of the network NW, and the response data R received by the reception unit 32. The detection process in the detection device 301A is described below as a representative example.

For example, the storage unit 34 in the detection device 301A stores reference information RFa indicating the number of response devices 101A connected to transmission line 1A, the key information K of each response device 101A connected to transmission line 1A, and the required time TM, which is the time from transmission of the response data generation information Ga to the response devices 101A until the response devices 101A complete transmission of the response data Ra.

The reception unit 32 in the detection device 301A receives a message from a response device 101 via transmission line 2A. The reception unit 32 obtains the response data R from the received message and outputs the obtained response data R, together with the ID of the response device 101 that sent it, to the detection unit 33.

The detection unit 33 receives the response data R from the reception unit 32 and checks it against information based on the reference information RFa. For example, the detection unit 33 generates generated data Ma based on the key information K included in the reference information RFa and the response data generation information Ga transmitted to the response devices 101A, and checks the response data R received from the reception unit 32 against the generated data Ma. The detection unit 33 detects an abnormality in network NWa based on the result of checking the response data R, the number of pieces of response data R received by the reception unit 32, and the reception timing of the response data R.

More specifically, the detection unit 33 uses the response data generation information Ga transmitted to the response device 101A via the transmission unit 31 and each piece of key information K in the storage unit 34 to generate multiple pieces of generated data Ma, which are equivalent to the multiple pieces of response data Ra corresponding respectively to the multiple response devices 101A connected to the transmission line 2A. For example, the generated data Ma is a hash value.

The detection unit 33 checks the response data Ra against the generated data Ma for each response device 101A, based on the response data Ra and ID received from the receiving unit 32. For example, the detection unit 33 determines that the detection condition C1 is satisfied when at least one of the multiple pieces of response data Ra received by the receiving unit 32 does not match the generated data Ma corresponding to the response device 101A that sent that response data Ra. On the other hand, the detection unit 33 determines that the detection condition C1 is not satisfied when each of the multiple pieces of response data Ra received by the receiving unit 32 matches the corresponding piece of generated data Ma.

The detection unit 33 also refers to the reference information RFa and compares the number of pieces of response data R received by the receiving unit 32 in a predetermined reception period TRa with the number of response devices 101A connected to the transmission line 1A. For example, the reception period TRa is set in advance according to the transmission timing of the response data generation information G in the detection system 401, the required time TM indicated by the reference information RFa, and the like. As an example, the reception period TRa is the period from the transmission timing ta of the response data generation information Ga by the detection device 301A to the transmission timing tb of the response data generation information Gb by the detection device 301B. For example, if the number of pieces of response data R received by the receiving unit 32 in the reception period TRa does not match the number of response devices 101A connected to the transmission line 1A, that is, N, the detection unit 33 determines that the detection condition C2 is satisfied. On the other hand, if the number of pieces of response data R received by the receiving unit 32 in the reception period TRa is N, the detection unit 33 determines that the detection condition C2 is not satisfied.

The detection unit 33 also checks whether any response data R has been received by the receiving unit 32 in a period other than the reception period TRa. For example, if there is response data R received by the receiving unit 32 in a period other than the reception period TRa, the detection unit 33 determines that the detection condition C3 is satisfied. On the other hand, if there is no response data R received by the receiving unit 32 in a period other than the reception period TRa, the detection unit 33 determines that the detection condition C3 is not satisfied.

In the detection process, the detection unit 33 detects an abnormality in the network NWa based on the results of determining whether the detection conditions C1, C2, and C3 are satisfied. More specifically, when the detection unit 33 determines that at least one of the detection conditions C1, C2, and C3 is satisfied, it determines that an abnormality has occurred in the network NWa.

For example, if the detection condition C1 is satisfied, the detection unit 33 determines that there is an unauthorized device masquerading as the response device 101A. Also, for example, if the detection condition C2 is satisfied and the number of pieces of response data R received by the receiving unit 32 during the reception period TRa is less than N, the detection unit 33 determines that a route has been cut off in the network NWa. Also, for example, if the detection condition C2 is satisfied and the number of pieces of response data R received by the receiving unit 32 during the reception period TRa is greater than N, or if the detection condition C3 is satisfied, the detection unit 33 determines that a detour path has been inserted in the network NWa.
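The following sketch, added here as an illustration and not taken from the patent, evaluates detection conditions C1, C2 and C3 over a set of received responses and maps them to the three findings described above. It assumes HMAC-SHA256 as the function that derives the response data from the key information K and the response data generation information Ga (the text only says the generated data is, for example, a hash value); all names, keys and timestamps are constructed.

```python
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Response:
    device_id: str  # ID of the response device that claims to have sent R
    data: bytes     # response data R
    t_rx: float     # reception time at the detection device, in seconds


def generate(key: bytes, g: bytes) -> bytes:
    # ASSUMPTION: HMAC-SHA256 over the generation information. The page only
    # states that the value is derived from K and Ga and is e.g. a hash value.
    return hmac.new(key, g, hashlib.sha256).digest()


def detect(keys: dict[str, bytes], g: bytes, responses: list[Response],
           t_a: float, t_b: float) -> dict:
    """Evaluate C1, C2, C3. `keys` plays the role of reference information RFa
    (one key K per response device, so N = len(keys)); [t_a, t_b) is the
    reception period TRa."""
    n = len(keys)
    expected = {dev: generate(k, g) for dev, k in keys.items()}  # generated data Ma
    in_window = [r for r in responses if t_a <= r.t_rx < t_b]

    # C1: some received response does not match Ma for its claimed sender.
    # An unknown ID has no Ma, so it compares against b"" and never matches.
    c1 = any(not hmac.compare_digest(r.data, expected.get(r.device_id, b""))
             for r in responses)
    # C2: number of responses inside TRa differs from N.
    c2 = len(in_window) != n
    # C3: at least one response arrived outside TRa.
    c3 = len(in_window) != len(responses)

    findings = []
    if c1:
        findings.append("spoofed_device")
    if c2 and len(in_window) < n:
        findings.append("route_blocked")
    if (c2 and len(in_window) > n) or c3:
        findings.append("detour_inserted")
    return {"C1": c1, "C2": c2, "C3": c3,
            "abnormal": c1 or c2 or c3, "findings": findings}


# --- Constructed sample data (not from the patent) ---
KEYS = {"101A-1": b"constructed-key-1",
        "101A-2": b"constructed-key-2",
        "101A-3": b"constructed-key-3"}
GA = b"constructed-generation-info-0001"
T_A, T_B = 0.0, 1.0


def honest(device_id: str, t_rx: float) -> Response:
    return Response(device_id, generate(KEYS[device_id], GA), t_rx)


def scenarios() -> dict[str, list[Response]]:
    full = [honest(dev, 0.1 * (i + 1)) for i, dev in enumerate(KEYS)]
    return {
        "normal": full,
        "wrong_response": full[:2] + [Response("101A-3", b"\x00" * 32, 0.3)],
        "missing_response": full[:2],
        "extra_in_window": full + [honest("101A-2", 0.5)],
        "late_response": full + [honest("101A-2", 1.4)],
    }


def run_all() -> dict[str, list[str]]:
    return {name: detect(KEYS, GA, rs, T_A, T_B)["findings"]
            for name, rs in scenarios().items()}


if __name__ == "__main__":
    for name, findings in run_all().items():
        print(f"{name:18s} -> {findings or ['no abnormality']}")
```
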

When the detection unit 33 determines that an abnormality has occurred in the network NWa, it includes abnormality information indicating that an abnormality has occurred in a message and transmits the message to the response device 101A via the transmission line 1A. The detection unit 33 also notifies the user of the detection system 401 by sound or display that an abnormality has occurred in the network NWa. Note that the processing unit 23 may be configured not to perform one or both of the transmission of the abnormality information to the response device 101A and the notification to the user.

Referring again to FIG. 3, for example, when the processing unit 23 in the response device 101A receives abnormality information from the detection device 301A via the transmission line 1A and the receiving unit 21, it notifies the user of the detection system 401 by sound or display that an abnormality has occurred in the network NWa. Also, for example, when the processing unit 23 receives abnormality information from the detection device 301A via the transmission line 1A and the receiving unit 21, it cuts off the electrical connection between the transmission line 2A and the communication device 111A at the connection unit 10. Note that the processing unit 23 may be configured not to perform one or both of the notification to the user and the cutting off of the electrical connection between the transmission line 2A and the communication device 111A.

(Modification 1)
FIG. 4 is a diagram showing the configuration of a detection system according to Modification 1 of the first embodiment of the present disclosure. Referring to FIG. 4, compared to the detection system 401, the detection system 402 includes a detection device 302 instead of the detection device 301A, and includes a response device 102A, which is a response device 102, instead of the response device 101A. Compared to the detection system 401, the detection system 402 further includes a communication device 111C, which is a communication device 111, a response device 102C, which is a response device 102, and aggregation devices 201A and 201C. For example, the detection system 402 includes L response devices 102C and L communication devices 111C. In the example shown in FIG. 4, a communication device 111C is connected to each of the response devices 102C. L is an integer equal to or greater than 2. Note that the detection system 402 may instead include one response device 102C and one communication device 111C. Hereinafter, each of the aggregation devices 201A and 201C is also referred to as an aggregation device 201.

The gateway device 121, the response device 102A, the aggregation device 201A, and the detection device 302 are connected to each other via the transmission line 2A. The response devices 102A and 102C, the aggregation devices 201A and 201C, and the detection device 302 are connected to each other via the transmission line 1A.

The gateway device 121, the response device 102C, and the aggregation device 201C are connected to each other via the transmission line 2C, which is a transmission line 2.

Compared to the detection system 401, the detection system 402 includes a network NW1a instead of the network NWa, and further includes a network NWc. The network NW1a is composed of the gateway device 121, the response device 102A, the communication device 111A, and the transmission line 2A. The network NWc is composed of the gateway device 121, the response device 102C, the communication device 111C, and the transmission line 2C.

The detection device 302 transmits the response data generation information Ga to the response devices 102A and 102C and the aggregation devices 201A and 201C via the transmission line 1A.

The response device 102A includes the response data Ra, which is based on the response data generation information Ga received from the detection device 302, in a message and transmits the message to the aggregation device 201A via the transmission line 2A. For example, the response device 102A transmits the response data Ra to the aggregation device 201A by frequency division multiplexing, time division multiplexing, or code division multiplexing the response data Ra onto the transmission line 2A over which the main signal in the network NWa is transmitted.

The response device 102C likewise includes the response data Rc, which is based on the response data generation information Ga received from the detection device 302, in a message and transmits the message to the aggregation device 201C via the transmission line 2C. For example, the response device 102C transmits the response data Rc to the aggregation device 201C by frequency division multiplexing, time division multiplexing, or code division multiplexing the response data Rc onto the transmission line 2C over which the main signal in the network NWc is transmitted.

The aggregation device 201A generates aggregated data RxA in which the multiple pieces of response data Ra generated respectively by the multiple response devices 102A are aggregated, and transmits the generated aggregated data RxA to the detection device 302.

More specifically, the aggregation device 201A receives messages from the response devices 102A via the transmission line 2A. The aggregation device 201A acquires the multiple pieces of response data Ra from the multiple messages received during the reception period TRa. The aggregation device 201A performs a predetermined process on the acquired pieces of response data Ra to generate aggregated data RxA whose data volume is smaller than the total data volume of those pieces of response data Ra. The aggregation device 201A includes the generated aggregated data RxA in a message and transmits it to the detection device 302 via the transmission line 1A.

The aggregation device 201C likewise generates aggregated data RxC in which the multiple pieces of response data Rc generated respectively by the multiple response devices 102C are aggregated, and transmits the generated aggregated data RxC to the detection device 302.

More specifically, the aggregation device 201C receives messages from the response devices 102C via the transmission line 2C. The aggregation device 201C acquires the multiple pieces of response data Rc from the multiple messages received during the reception period TRa. The aggregation device 201C performs a predetermined process on the acquired pieces of response data Rc to generate aggregated data RxC whose data volume is smaller than the total data volume of those pieces of response data Rc. The aggregation device 201C includes the generated aggregated data RxC in a message and transmits it to the detection device 302 via the transmission line 1A.

The detection device 302 receives the aggregated data RxA and RxC from the aggregation devices 201A and 201C, respectively, via the transmission line 1A. The detection device 302 performs the detection process based on reference information RFac, which is based on the configurations of the networks NW1a and NWc, and on the aggregated data RxA and RxC received from the aggregation devices 201A and 201C.

More specifically, the detection device 302 generates multiple pieces of generated data Ma corresponding respectively to the multiple response devices 102A connected to the transmission line 2A, and multiple pieces of generated data Mc corresponding respectively to the multiple response devices 102C connected to the transmission line 2C.

The detection device 302 checks the aggregated data RxA against the generated data Ma for each response device 102A, and checks the aggregated data RxC against the generated data Mc for each response device 102C.

The detection device 302 determines that the detection condition C1 is satisfied when at least one of the multiple pieces of response data Ra aggregated in the aggregated data RxA does not match the generated data Ma corresponding to the response device 102A that sent that response data Ra. The detection device 302 also determines that the detection condition C1 is satisfied when at least one of the multiple pieces of response data Rc aggregated in the aggregated data RxC does not match the generated data Mc corresponding to the response device 102C that sent that response data Rc.

On the other hand, the detection device 302 determines that the detection condition C1 is not satisfied when each of the multiple pieces of response data Ra aggregated in the aggregated data RxA matches the corresponding piece of generated data Ma, and each of the multiple pieces of response data Rc aggregated in the aggregated data RxC matches the corresponding piece of generated data Mc.

Note that the aggregation device 201A may be configured to generate response data R based on the response data generation information Ga received from the detection device 302, and to generate the aggregated data RxA by performing the predetermined process on the multiple pieces of response data Ra and the generated response data R. Likewise, the aggregation device 201C may be configured to generate response data R based on the response data generation information Ga received from the detection device 302, and to generate the aggregated data RxC by performing the predetermined process on the multiple pieces of response data Rc and the generated response data R.

In addition, the aggregation device 201 may be configured, like the detection device 302, to detect abnormalities in the networks NW1a and NWc based on the number of pieces of response data R received and the reception timing of the response data R.

(Modification 2)
FIG. 5 is a diagram showing the configuration of a detection system according to Modification 2 of the first embodiment of the present disclosure. Referring to FIG. 5, compared to the detection system 401, the detection system 403 includes a detection device 303 instead of the detection device 301A, and includes a response device 103A instead of the response device 101A.

The gateway device 121, the response device 103A, and the detection device 303 are connected to each other via the transmission line 2A. In addition, logical transmission paths 2A1 and 2A2 are provided using the common physical transmission line 2A.

The communication device 111A communicates with the gateway device 121 and other communication devices 111A via the response device 103A and the transmission path 2A1. As an example, the communication device 111A transmits a Modbus-compliant message addressed to another communication device 111 to the gateway device 121 and the other communication devices 111 via the response device 103A and the transmission path 2A1.

The detection device 303 and the response device 103A multiplex the response data generation information Ga and the response data Ra onto the transmission line 2A and transmit them.

More specifically, the detection device 303 transmits the response data generation information Ga to the response device 103A via the transmission path 2A2, which is logically independent of and separate from the transmission path 2A1. For example, the detection device 303 transmits the response data generation information Ga to the response device 103A by frequency division multiplexing, time division multiplexing, or code division multiplexing the response data generation information Ga onto the transmission line 2A over which the main signal in the network NWa is transmitted.

The response device 103A generates response data Ra based on the response data generation information Ga received from the detection device 303, and transmits the generated response data Ra to the detection device 303 via the transmission path 2A1. For example, the response device 103A transmits the response data Ra to the detection device 303 by frequency division multiplexing, time division multiplexing, or code division multiplexing the response data Ra onto the transmission line 2A over which the main signal in the network NWa is transmitted.

[Operation flow]
FIG. 6 is a diagram showing an example of the sequence of the detection process in the detection system according to the first embodiment of the present disclosure. FIG. 6 shows the detection process in the detection device 301A.

Referring to FIG. 6, first, when a predetermined transmission timing ta arrives, the detection device 301 transmits the response data generation information Ga to each response device 101A via the transmission line 1A (step S11).

Next, each response device 101A generates response data Ra using the response data generation information Ga received from the detection device 301A and the key information K (step S12).

Next, each response device 101A transmits the generated response data Ra to the detection device 301A via the transmission line 2A (step S13).

Next, the detection device 301A performs the detection process based on the reference information RFa, which is based on the configuration of the network NWa, and the response data Ra received from the response devices 101A. More specifically, the detection device 301A determines whether the detection condition C1 is satisfied by checking the received response data Ra against the generated data Ma for each response device 101A. The detection device 301A also determines whether the detection condition C2 is satisfied by referring to the reference information RFa and comparing the number of pieces of response data R received during the reception period TRa with the number of response devices 101A connected to the transmission line 1A. The detection device 301A also determines whether the detection condition C3 is satisfied based on the reception timing of the response data R. The detection device 301A determines whether an abnormality has occurred in the network NWa based on the determination results for the detection conditions C1, C2, and C3 (step S14).

FIG. 7 is a diagram showing an example of the sequence of the detection process in the detection system according to Modification 1 of the first embodiment of the present disclosure. FIG. 7 shows the detection process in the detection device 302.

Referring to FIG. 7, first, when a predetermined transmission timing ta arrives, the detection device 302 transmits the response data generation information Ga to the response devices 102A and 102C and the aggregation devices 201A and 201C via the transmission line 1A (step S21).

Next, each response device 102A generates response data Ra using the response data generation information Ga received from the detection device 302 and the key information K. Each response device 102C likewise generates response data Rc using the response data generation information Ga received from the detection device 302 and the key information K (step S22).

Next, each response device 102A transmits the generated response data Ra to the aggregation device 201A via the transmission line 2A. Each response device 102C transmits the generated response data Rc to the aggregation device 201C via the transmission line 2C (step S23).

Next, the aggregation device 201A receives the multiple pieces of response data Ra transmitted respectively by the multiple response devices 102A, and generates aggregated data RxA in which the received pieces of response data Ra are aggregated. The aggregation device 201C receives the multiple pieces of response data Rc transmitted respectively by the multiple response devices 102C, and generates aggregated data RxC in which the received pieces of response data Rc are aggregated (step S24).

Next, the aggregation device 201A transmits the generated aggregated data RxA to the detection device 302 via the transmission line 1A. The aggregation device 201C transmits the generated aggregated data RxC to the detection device 302 via the transmission line 1A (step S25).

Next, the detection device 302 performs the detection process based on the reference information RFac, which is based on the configurations of the networks NW1a and NWc, and the aggregated data RxA and RxC received from the aggregation devices 201A and 201C. More specifically, the detection device 302 determines whether the detection condition C1 is satisfied by checking the received aggregated data RxA against the generated data Ma for each response device 102A and checking the aggregated data RxC against the generated data Mc for each response device 102C. The detection device 302 also determines whether the detection condition C2 is satisfied by referring to the reference information RFa1 and comparing the number of pieces of response data R aggregated in the aggregated data RxA and RxC with the number of response devices 102A and 102C connected to the transmission lines 2A and 2C, respectively. The detection device 302 also determines whether the detection condition C3 is satisfied based on the reception timing of the response data R. The detection device 302 determines whether an abnormality has occurred in the networks NW1a and NWc based on the determination results for the detection conditions C1, C2, and C3 (step S26).

Note that in the detection system 401 according to the first embodiment of the present disclosure, the detection device 301A is described as transmitting the response data generation information Ga to the response device 101A via the transmission line 1A, but the configuration is not limited to this. The detection device 301A may be configured to transmit the response data generation information Ga to the response device 101A via the transmission line 2A. In this case, the response device 101A transmits the response data Ra to the detection device 301A via the transmission line 1A.

Furthermore, in the detection system 401 according to the first embodiment of the present disclosure, the detection device 301 may be configured to transmit the response data generation information G to the response device 101 by wireless communication instead of via the transmission line 1. Likewise, the response device 101 may be configured to transmit the response data R to the detection device 301 by wireless communication instead of via the transmission line 1.

In addition, in the detection device 301 according to the first embodiment of the present disclosure, the detection unit 33 is described as detecting an abnormality in the network NW based on the results of determining whether the detection conditions C1, C2, and C3 are satisfied, but the configuration is not limited to this. The detection unit 33 may be configured to detect an abnormality in the network NW based on the results of determining whether any one or two of the detection conditions C1, C2, and C3 are satisfied.

Incidentally, technology that can improve security in networks is desired. More specifically, if, for example, communications between communication devices in a network are encrypted, problems such as a decrease in communication speed and an increase in cost can arise.

In contrast, in the detection system according to the first embodiment of the present disclosure, the detection device 301 transmits the response data generation information G, which is used to generate the response data R, to the response device 101 via the transmission line 1A. The response device 101 generates response data R based on the response data generation information G received from the detection device 301, and transmits the generated response data R to the detection device 301 via the transmission line 1B. The detection device 301 detects an abnormality in the network NW based on the reference information RF, which is based on the configuration of the network NW, and the response data R transmitted by the response device 101. At least one of the transmission lines 1A and 1B includes a main transmission path that transmits the main signal in the network NW.

In this way, with a configuration that detects an abnormality in the network NW based on the reference information RF based on the configuration of the network NW and the response data R transmitted via the transmission path 2A, a change in the network configuration of the network NW can be detected as an abnormality in the network NW, for example, based on the result of comparing the reference information RF with the response data R. Therefore, security in the network NW can be improved. Also, compared to a configuration in which communication between communication devices 111 in the network NW is encrypted, an abnormality in the network NW can be detected while suppressing a decrease in communication speed and an increase in costs. Also, for example, with a configuration in which the response device 101 is a connector that can be attached to the communication device 111 in the network NW, an abnormality in the network NW can be detected without changing the specifications of the communication device 111.

Next, other embodiments of the present disclosure will be described with reference to the drawings. Note that the same or equivalent parts in the drawings are given the same reference numerals and their description is not repeated.

<Second Embodiment>
[Configuration and basic operation]
Unlike the detection systems 401, 402, and 403 according to the first embodiment, this embodiment relates to a detection system 404 in which response devices are connected one-to-one via a transmission path that transmits a main signal. Except as described below, it is the same as the detection systems 401, 402, and 403 according to the first embodiment.

FIG. 8 is a diagram showing the configuration of a detection system according to a second embodiment of the present disclosure. The detection system 404 includes response devices 104A, 104B, 104C, and 104D, which are response devices 104; response devices 105A, 105B, 105C, and 105D, which are response devices 105; communication devices 112A, 112B, 112C, and 112D, which are communication devices 112; switch devices 141A and 141B, which are switch devices 141; a gateway device 122; and detection devices 304A, 304B, 304C, and 304D, which are detection devices 304. The response device 104 is an example of a second response device. The response device 105 is an example of a first response device. The detection system 404 is not limited to a configuration including four detection devices 304, and may be a configuration including one detection device 304. In this case, the detection device 304 monitors all networks NW2, described below, in the detection system 404.

The gateway device 122 is connected to the switch devices 141A and 141B via transmission lines 5A and 5B, respectively. Hereinafter, each of the transmission lines 5A and 5B will also be referred to as a transmission line 5. The transmission line 5 is, for example, an Ethernet (registered trademark) cable.

For example, the response device 104 is a connector that can be attached to the switch device 141. In the example shown in FIG. 8, response devices 104A and 104B are attached to two communication ports (not shown) of the switch device 141A, and response devices 104C and 104D are attached to two communication ports (not shown) of the switch device 141B.

Also, for example, the response device 105 is a connector that can be attached to the communication device 112. In the example shown in FIG. 8, the response device 105A is attached to a communication port (not shown) of the communication device 112A, the response device 105B is attached to a communication port (not shown) of the communication device 112B, the response device 105C is attached to a communication port (not shown) of the communication device 112C, and the response device 105D is attached to a communication port (not shown) of the communication device 112D.

The response device 104 and the response device 105 are connected one-to-one. More specifically, the response device 104A and the response device 105A are connected to each other via a transmission line 4A. The response device 104B and the response device 105B are connected to each other via a transmission line 4B. The response device 104C and the response device 105C are connected to each other via a transmission line 4C. The response device 104D and the response device 105D are connected to each other via a transmission line 4D. Hereinafter, each of the transmission lines 4A, 4B, 4C, and 4D will also be referred to as a transmission line 4. The transmission line 4 is a physical transmission path.

The detection device 304 and the response devices 104 and 105 are connected to each other. More specifically, the detection device 304A and the response devices 104A and 105A are connected to each other via transmission line 3A. The detection device 304B and the response devices 104B and 105B are connected to each other via transmission line 3B. The detection device 304C and the response devices 104C and 105C are connected to each other via transmission line 3C. The detection device 304D and the response devices 104D and 105D are connected to each other via transmission line 3D. Hereinafter, each of the transmission lines 3A, 3B, 3C, and 3D will also be referred to as a transmission line 3. The transmission line 3 is a physical transmission path.

The detection system 404 includes networks NW2a and NW2b. Network NW2a is composed of switch device 141A, response devices 104A, 104B, 105A, and 105B, communication devices 112A and 112B, and transmission lines 4A and 4B. Network NW2b is composed of switch device 141B, response devices 104C, 104D, 105C, and 105D, communication devices 112C and 112D, and transmission lines 4C and 4D. Hereinafter, each of networks NW2a and NW2b will also be referred to as network NW2.

Transmission lines 4A and 4B include a main transmission path that transmits a main signal in network NW2a. Transmission lines 4C and 4D include a main transmission path that transmits a main signal in network NW2b. Transmission lines 3A and 3B are dedicated lines used to detect abnormalities in network NW2a. Transmission lines 3C and 3D are dedicated lines used to detect abnormalities in network NW2b. Transmission line 3 is an example of a first transmission path, and transmission line 4 is an example of a second transmission path.

Transmission line 3 is, for example, a transmission line for serial communication conforming to standards such as RS-232C, RS-422A, and RS-485. Transmission line 4 is, for example, an Ethernet cable.

The communication device 112 and the switch device 141 communicate with each other via the corresponding response devices 104 and 105 and the corresponding transmission line 4. As an example, the communication device 112 transmits an Ethernet frame addressed to another communication device 112 to the switch device 141 via the corresponding response device 105 and the transmission line 4. According to the destination address of an Ethernet frame received via the corresponding response device 104, the switch device 141 either transmits the frame to the destination communication device 112 via the corresponding response device 104 and the corresponding transmission line 4, or transmits it to the gateway device 122 via the corresponding transmission line 5. The switch device 141 also transmits an Ethernet frame received from the gateway device 122 to the destination communication device 112 via the corresponding response device 104 and the corresponding transmission line 4, according to the destination address of the Ethernet frame.

The gateway device 122 performs relay processing to relay, for example, messages exchanged between communication devices 112 and messages exchanged between communication devices 112 and an external network (not shown) outside the detection system 404. For example, communication devices 112C and 112D send and receive low-confidentiality messages, and are communicatively connected to the external network via the gateway device 122. On the other hand, communication devices 112A and 112B send and receive highly confidential messages, and their communication connection to the external network is restricted.

In the detection system 404, a detection process is performed to detect an abnormality in the network NW2 during a detection period Pd, which is a period of a predetermined length. More specifically, during the detection period Pd, the detection device 304A transmits response data generation information Ga used to generate response data Ra to the response devices 104A and 105A via the transmission line 3A. During the detection period Pd, the detection device 304B transmits response data generation information Gb used to generate response data Rb to the response devices 104B and 105B via the transmission line 3B. During the detection period Pd, the detection device 304C transmits response data generation information Gc used to generate response data Rc to the response devices 104C and 105C via the transmission line 3C. During the detection period Pd, the detection device 304D transmits response data generation information Gd used to generate response data Rd to the response devices 104D and 105D via the transmission line 3D. Hereinafter, each of the response data Ra, Rb, Rc, and Rd will also be referred to as response data R, and each of the response data generation information Ga, Gb, Gc, and Gd will also be referred to as response data generation information G. For example, the detection period Pd is a period during which no communication is performed using the transmission line 4.

The response device 105A generates response data Ra based on the response data generation information Ga received from the detection device 304A, includes the generated response data Ra in an Ethernet frame, and transmits it to the response device 104A via the transmission line 4A. That is, the response device 105A transmits the response data Ra to the response device 104A by time division multiplexing the response data Ra on the transmission line 4A through which the main signal in the network NW2a is transmitted. The response device 104A generates response data Ra based on the response data generation information Ga received from the detection device 304A, generates aggregated data Rx2a by aggregating the generated response data Ra and the response data Ra received via the transmission line 4A, and transmits the generated aggregated data Rx2a to the detection device 304A via the transmission line 3A. The detection period Pd may instead be a period during which communication is performed using the transmission line 4. In this case, the response device 105A transmits the response data Ra to the response device 104A by frequency division multiplexing or code division multiplexing the response data Ra onto the transmission line 4A.

Like the response device 105A, the response device 105B transmits response data Rb to the response device 104B via transmission line 4B. Like the response device 104A, the response device 104B generates aggregate data Rx2b and transmits it to the detection device 304B via transmission line 3B.

Like the response device 105A, the response device 105C transmits response data Rc to the response device 104C via transmission line 4C. Like the response device 104A, the response device 104C generates aggregate data Rx2c and transmits it to the detection device 304C via transmission line 3C.

Like the response device 105A, the response device 105D transmits response data Rd to the response device 104D via transmission line 4D. Like the response device 104A, the response device 104D generates aggregate data Rx2d and transmits it to the detection device 304D via transmission line 3D.

The response data R generated by the response device 105 is an example of first response data. The response data R generated by the response device 104 is an example of second response data. Hereinafter, each of the aggregate data Rx2a, Rx2b, Rx2c, and Rx2d will also be referred to as aggregate data Rx2.

The detection device 304A detects an abnormality in network NW2a based on reference information RF2a, which is based on the configuration of network NW2a, and the aggregated data Rx2a. The detection device 304B detects an abnormality in network NW2a based on the reference information RF2a and the aggregated data Rx2b. The detection device 304C detects an abnormality in network NW2b based on reference information RF2b, which is based on the configuration of network NW2b, and the aggregated data Rx2c. The detection device 304D detects an abnormality in network NW2b based on the reference information RF2b and the aggregated data Rx2d. Hereinafter, each of the reference information RF2a and RF2b will also be referred to as reference information RF2.

For example, the detection device 304 detects a path block in the network NW2 as an abnormality in the corresponding network NW2. A path block includes a physical path block caused by cutting the transmission line 4, and a logical path block caused by adding to the transmission line 4 an unauthorized filter device that discards some or all messages.

Also, for example, the detection device 304 detects, as an abnormality in the network NW2, the insertion of a detour between the networks NW2a and NW2b, that is, a transmission path that does not pass through the switch device 141 and the gateway device 122. The insertion of a detour includes the insertion of a physical detour by changing the wiring between the transmission line 4 in the network NW2a and the transmission line 4 in the network NW2b, and the insertion of a logical detour by inserting an unauthorized repeater that relays an Ethernet frame transmitted on the transmission line 4 of one of the networks NW2a and NW2b to the transmission line 4 of the other.

As described above, communication devices 112C and 112D are communicatively connected to an external network via the gateway device 122, while the communication connection of communication devices 112A and 112B to the external network is restricted. If a detour is inserted between networks NW2a and NW2b, communication devices 112A and 112B become communicatively connected to the external network via the gateway device 122, the switch device 141B, and the detour. The detection device 304 therefore detects the insertion of the detour as an abnormality in network NW2.

(Transmission of response data generation information G)
FIG. 9 is a diagram showing a configuration of a detection device in a detection system according to a second embodiment of the present disclosure. Referring to FIG. 9, the detection device 304 includes a transmission/reception unit 41, a detection unit 42, and a storage unit 43. A part or the whole of the transmission/reception unit 41 and the detection unit 42 is realized, for example, by a processing circuit including one or more processors. The storage unit 43 is, for example, a non-volatile memory included in the processing circuit.

During the detection period Pd, the detection unit 42 generates response data generation information G and a verification start command, and outputs the generated response data generation information G and verification start command to the transmission/reception unit 41.

For example, the detection units 42 in the detection devices 304A and 304C generate response data generation information Ga and Gc, respectively, together with a verification start command at transmission timing ta and output them to the transmission/reception unit 41, and the detection units 42 in the detection devices 304B and 304D generate response data generation information Gb and Gd, respectively, together with a verification start command at transmission timing tb, which is different from the transmission timing ta, and output them to the transmission/reception unit 41.

The transmission/reception unit 41 transmits the response data generation information G to the corresponding response devices 104 and 105 via the transmission line 3. More specifically, the transmission/reception unit 41 in the detection device 304A receives the response data generation information Ga from the detection unit 42, includes the received response data generation information Ga and the verification start command in a message, and transmits the message to the response devices 104 and 105 via the transmission line 3A.

(Transmission of response data R)
The following describes the transmission of response data R by the response devices 104 and 105. Unless otherwise specified, the following content regarding the transmission of response data R is common to the response devices 104A, 104B, 104C, 104D, 105A, 105B, 105C, and 105D.

FIG. 10 is a diagram showing the configuration of a response device in a detection system according to a second embodiment of the present disclosure. Referring to FIG. 10, the response device 104 includes a connection switch 50 and a response unit 60. The response unit 60 includes a communication unit 61, a processing unit 63, and a storage unit 64. The communication unit 61 is an example of a receiving unit and an example of a transmitting unit. The processing unit 63 is an example of a generating unit. A part or all of the communication unit 61 and the processing unit 63 are realized, for example, by a processing circuit including one or more processors. The storage unit 64 is, for example, a non-volatile memory included in the processing circuit. The storage unit 64 stores key information K unique to the response device 104. The connection switch 50 connects or disconnects the transmission line 4 and the switch device 141. The communication unit 61 and the switch device 141 may or may not be connected via the connection switch 50, and the connection state may be switchable. The transmission line 4 and the communication unit 61 may be constantly connected via the connection switch 50, or may be disconnected while the transmission line 4 and the switch device 141 are connected.

The response device 105 includes a connection switch 70 and a response unit 80. The response unit 80 includes a communication unit 81, a processing unit 83, and a storage unit 84. The communication unit 81 is an example of a receiving unit and an example of a transmitting unit. The processing unit 83 is an example of a generating unit. A part or all of the communication unit 81 and the processing unit 83 are realized, for example, by a processing circuit including one or more processors. The storage unit 84 is, for example, a non-volatile memory included in the processing circuit. The storage unit 84 stores key information K unique to the response device 105. The connection switch 70 connects or disconnects the transmission line 4 and the communication device 112. The communication unit 81 and the communication device 112 may or may not be connected via the connection switch 70, and the connection state may be switchable. The transmission line 4 and the communication unit 81 may be constantly connected via the connection switch 70, or may be disconnected while the transmission line 4 and the communication device 112 are connected.

By outputting a control signal to the connection switch 50, the processing unit 63 in the response device 104 can switch the state of the connection switch 50 between a first state, in which the transmission line 4 and the switch device 141 are electrically connected, and a second state, in which the transmission line 4 and the switch device 141 are not connected and the transmission line 4 and the communication unit 61 are electrically connected. The processing unit 63 sets the connection switch 50 to the first state during a communication period Pc, which is a period during which communication is performed using the transmission line 4.

By outputting a control signal to the connection switch 70, the processing unit 83 in the response device 105 can switch the state of the connection switch 70 between a third state, in which the transmission line 4 and the communication device 112 are electrically connected, and a fourth state, in which the transmission line 4 and the communication device 112 are not connected and the transmission line 4 and the communication unit 81 are electrically connected. The processing unit 83 sets the connection switch 70 to the third state during the communication period Pc.

In the response device 105, the communication unit 81 receives a message from the detection device 304 via the transmission line 3, and acquires response data generation information G from the received message. The communication unit 81 outputs the acquired response data generation information G to the processing unit 83. On receiving the response data generation information G from the communication unit 81, the processing unit 83 outputs a control signal to the connection switch 70, thereby switching the connection switch 70 to the fourth state described above. The processing unit 83 also uses the response data generation information G and the key information K in the storage unit 84 to generate response data R that includes the ID of the response device 105 that generated it.

In the response device 104, the communication unit 61 receives a message from the detection device 304 via the transmission line 3 and acquires response data generation information G from the received message. The communication unit 61 outputs the acquired response data generation information G to the processing unit 63. On receiving the response data generation information G from the communication unit 61, the processing unit 63 outputs a control signal to the connection switch 50, thereby switching the connection switch 50 to the second state described above. The processing unit 63 also uses the response data generation information G and the key information K in the storage unit 64 to generate response data R that includes the ID of the response device 104 that generated it. The processing unit 63 also outputs to the communication unit 61 a transmission command indicating that the response data R should be transmitted. The communication unit 61 includes the transmission command received from the processing unit 63 in an Ethernet frame and transmits it to the response device 105 via the connection switch 50 and the transmission line 4.

In the response device 105, the communication unit 81 receives an Ethernet frame from the response device 104 via the transmission line 4 and the connection switch 70, acquires the transmission command from the received Ethernet frame, and outputs the acquired transmission command to the processing unit 83. On receiving the transmission command from the communication unit 81, the processing unit 83 outputs the response data R generated using the response data generation information G and the key information K to the communication unit 81. The communication unit 81 includes the response data R received from the processing unit 83 in an Ethernet frame and transmits it to the response device 104 via the connection switch 70 and the transmission line 4. Note that the response device 104 may be configured not to transmit a transmission command to the response device 105. In this case, the response device 105 receives a message including response data generation information G from the detection device 304 and spontaneously transmits the response data R to the response device 104.

 応答用装置104において、通信部61は、受信期間TRaにおいて伝送線4および接続スイッチ50経由で受信したイーサネットフレームから応答データRを取得し、取得した応答データRを処理部63へ出力する。処理部63は、通信部61から応答データRを受けて、受けた応答データRおよび生成した応答データRに対して所定の処理を行うことにより、当該2つの応答データRのデータ量の合計値よりも小さいデータ量の集約データRx2を生成する。処理部63は、生成した集約データRx2を通信部61へ出力する。通信部61は、処理部63から受けた集約データRx2を含むメッセージを生成し、生成したメッセージを伝送線3経由で検知装置304へ送信する。 In the response device 104, the communication unit 61 acquires response data R from the Ethernet frame received via the transmission line 4 and the connection switch 50 during the reception period TRa, and outputs the acquired response data R to the processing unit 63. The processing unit 63 receives the response data R from the communication unit 61, and performs a predetermined process on the received response data R and the generated response data R, thereby generating aggregate data Rx2 having a data amount smaller than the total data amount of the two response data R. The processing unit 63 outputs the generated aggregate data Rx2 to the communication unit 61. The communication unit 61 generates a message including the aggregate data Rx2 received from the processing unit 63, and transmits the generated message to the detection device 304 via the transmission line 3.

(Detection process)
Referring again to FIG. 9, the transmission/reception unit 41 in the detection device 304 receives, via the transmission line 3, aggregated data Rx2 in which the response data R generated by the response devices 104 and 105 is aggregated. The detection unit 42 performs a detection process that detects an abnormality in the network NW2, based on reference information RF2 that is based on the configuration of the network NW2 and on the aggregated data Rx2 received by the transmission/reception unit 41. The detection process in the detection device 304A is described below as a representative example.

For example, the storage unit 43 in the detection device 304A stores reference information RF2a indicating the two types of key information K of the response devices 104A and 105A connected to the transmission line 4A.

The transmission/reception unit 41 in the detection device 304A receives a message from the response device 104 via the transmission line 3A. The transmission/reception unit 41 acquires aggregated data Rx2a from the received message and outputs the acquired aggregated data Rx2a to the detection unit 42.

The detection unit 42 uses the response data generation information Ga that it sent to the response devices 104A and 105A via the transmission/reception unit 41, together with each piece of key information K in the storage unit 43, to generate two pieces of generated data Ma. These are equivalent to the two pieces of response data Ra that correspond respectively to the response devices 104A and 105A connected to the transmission line 3A.

The detection unit 42 compares the aggregated data Rx2a received from the transmission/reception unit 41 with the generated data Ma corresponding to the response device 104A and with the generated data Ma corresponding to the response device 105A. For example, the detection unit 42 determines that detection condition C1 is satisfied when at least one of the two pieces of response data Ra aggregated in the aggregated data Rx2a does not match the corresponding generated data Ma. Conversely, the detection unit 42 determines that detection condition C1 is not satisfied when the two pieces of response data Ra aggregated in the aggregated data Rx2a received by the transmission/reception unit 41 each match the two pieces of generated data Ma.

The detection unit 42 also determines that detection condition C2 is satisfied when the number of pieces of response data R aggregated in the aggregated data Rx2a is not two. Conversely, the detection unit 42 determines that detection condition C2 is not satisfied when the number of pieces of response data R aggregated in the aggregated data Rx2a is two.

The detection unit 42 also checks whether there is any response data R received by the transmission/reception unit 41 in a period other than the reception period TRa. For example, the detection unit 42 determines that detection condition C3 is satisfied when there is response data R received by the transmission/reception unit 41 separately from the aggregated data Rx2a. Conversely, the detection unit 42 determines that detection condition C3 is not satisfied when there is no response data R received by the transmission/reception unit 41 separately from the aggregated data Rx2a.

In the detection process, the detection unit 42 detects an abnormality in the network NW2a based on the results of determining whether detection conditions C1, C2, and C3 are satisfied. More specifically, when the detection unit 42 determines that at least one of detection conditions C1, C2, and C3 is satisfied, it determines that an abnormality has occurred in the network NW2a.

For example, when detection condition C1 is satisfied, the detection unit 42 determines that there is an unauthorized device impersonating the response device 104A or 105A. Also, for example, when detection condition C2 is satisfied and the number of pieces of response data R aggregated in the aggregated data Rx2a is less than two, the detection unit 42 determines that a path interruption has occurred in the network NW2a. Also, for example, when detection condition C2 is satisfied and the number of pieces of response data R aggregated in the aggregated data Rx2a is more than two, or when detection condition C3 is satisfied, the detection unit 42 determines that a detour has been inserted in the network NW2a.
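The evaluation of detection conditions C1, C2, and C3 and the resulting classification can be sketched as follows. This is an added example, not code from the patent: HMAC-SHA256 as the function combining G and K, the `Response` record, modelling the aggregated data as a plain list, treating a repeated device ID as a C1 mismatch, and all keys and challenge values are assumptions or constructed samples.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Response:
    device_id: str  # ID of the response device that generated R
    tag: bytes      # value derived from G and K


def make_response(device_id: str, key: bytes, challenge: bytes) -> Response:
    """Response-device side: derive R from G (challenge) and K (key).

    HMAC-SHA256 is an assumption; the page does not name the function.
    """
    mac = hmac.new(key, device_id.encode() + b"|" + challenge, hashlib.sha256)
    return Response(device_id, mac.digest())


def detect(reference, challenge, aggregated, outside_window=()):
    """Detector side: evaluate C1, C2, C3 and classify the abnormality.

    reference      -- {device_id: key}, standing in for RF2a
    challenge      -- the G sent for this round
    aggregated     -- Responses carried in Rx2a
    outside_window -- Responses received outside the reception period TRa
    Returns (sorted condition names, sorted findings).
    """
    # Generated data Ma: what each known device must answer for this G.
    expected = {d: make_response(d, k, challenge) for d, k in reference.items()}
    conditions, findings = set(), set()

    # C1: an aggregated response does not match its generated data.
    # An unknown or repeated device ID is treated as a mismatch (assumption).
    seen = set()
    for r in aggregated:
        ma = expected.get(r.device_id)
        ok = (ma is not None and r.device_id not in seen
              and hmac.compare_digest(ma.tag, r.tag))
        seen.add(r.device_id)
        if not ok:
            conditions.add("C1")
            findings.add("impersonation")

    # C2: the number of aggregated responses differs from the reference.
    if len(aggregated) != len(reference):
        conditions.add("C2")
        if len(aggregated) < len(reference):
            findings.add("path_interruption")
        else:
            findings.add("detour_inserted")

    # C3: a response arrived separately from the aggregated data.
    if len(outside_window) > 0:
        conditions.add("C3")
        findings.add("detour_inserted")

    return sorted(conditions), sorted(findings)


# Constructed sample data (not from the page).
REFERENCE = {"104A": bytes.fromhex("11" * 32), "105A": bytes.fromhex("22" * 32)}
G_ROUND_1 = bytes.fromhex("a0" * 16)
G_ROUND_2 = bytes.fromhex("b1" * 16)


def honest_round(challenge):
    """Responses both legitimate devices would produce for one challenge."""
    return [make_response(d, k, challenge) for d, k in REFERENCE.items()]


if __name__ == "__main__":
    good = honest_round(G_ROUND_2)
    cases = {
        "normal": (good, ()),
        "replayed round 1": (honest_round(G_ROUND_1), ()),
        "105A missing": (good[:1], ()),
        "late extra response": (good, (good[1],)),
    }
    for name, (agg, stray) in cases.items():
        print(name, detect(REFERENCE, G_ROUND_2, agg, stray))
```

Because Ma is recomputed from the G of the current round, a response captured in an earlier round fails C1 even though it was produced with a valid key.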

When the detection unit 42 determines that an abnormality has occurred in the network NW2a, it includes abnormality information indicating that an abnormality has occurred in a message and transmits the message to the response devices 104A and 105A via the transmission line 3A. The detection unit 42 also notifies the user of the detection system 404, by sound or display, that an abnormality has occurred in the network NW2a. Note that the detection unit 42 may be configured not to perform one or both of transmitting the abnormality information to the response devices 104A and 105A and notifying the user. The detection unit 42 may also be configured to transmit a message indicating that an abnormality has occurred in the network NW2a to a user terminal owned by the user via a network not shown.

Referring again to FIG. 10, for example, when the processing unit 83 in the response device 105A receives the abnormality information from the detection device 304A via the transmission line 3A and the communication unit 81, it cuts off the electrical connection between the transmission line 4A and the communication device 112A in the connection switch 70. Note that the processing unit 83 may be configured not to cut off the electrical connection between the transmission line 4A and the communication device 112A.

In the response device 104, the processing unit 63 may also be configured, instead of generating the aggregated data Rx2, to output the response data R generated in the response device 105 and the response data R generated by the processing unit 63 to the communication unit 61. In this case, the communication unit 61 generates a message including the two pieces of response data R received from the processing unit 63, and transmits the generated message to the detection device 304 via the transmission line 3.

The response device 104 may also be configured, like the detection device 304, to detect an abnormality in the networks NW2a and NW2b based on the number of pieces of response data R received from the response device 104 and the reception timing of the response data R.

In addition to the response devices 104 and 105 and the detection device 304, or instead of them, the detection system 404 may be configured to include two response devices that are attached to the gateway device 122 and the switch device 141, respectively, and connected to each other via the transmission line 5, and a detection device that detects an abnormality in a network including the gateway device 122, the switch device, and the transmission line 5. In this case, the detection device detects a path interruption and the insertion of a detour between the gateway device 122 and the switch device based on the response data R received from the two response devices.

As described above, the detection system 404 is not limited to a configuration including four detection devices 304, and may be configured to include one detection device 304 that monitors all of the networks NW2. In this case, the detection device 304 transmits response data generation information Ga to the response devices 104A and 105A via the transmission line 3A, transmits response data generation information Gb to the response devices 104B and 105B via the transmission line 3B, transmits response data generation information Gc to the response devices 104C and 105C via the transmission line 3C, and transmits response data generation information Gd to the response devices 104D and 105D via the transmission line 3D. The detection device 304 then detects an abnormality in the network NW2a based on the reference information RF2a and the aggregated data Rx2a and Rx2b, and detects an abnormality in the network NW2b based on the reference information RF2b and the aggregated data Rx2c and Rx2d.

(Variation 3)
FIG. 11 is a diagram showing the configuration of a detection system according to Variation 3 of the second embodiment of the present disclosure. Referring to FIG. 11, compared with the detection system 404, the detection system 405 includes a detection device 305 instead of the detection device 304, response devices 106A, 106B, 106C, and 106D (response devices 106) instead of the response devices 104A, 104B, 104C, and 104D, and response devices 107A, 107B, 107C, and 107D (response devices 107) instead of the response devices 105A, 105B, 105C, and 105D.

The detection device 305 is connected to the gateway device 122 via a transmission line 6. The transmission line 6 is, for example, an Ethernet cable.

During the detection period Pd, the detection device 305 transmits response data generation information G, which is used to generate response data R, to the response devices 106 and 107. More specifically, the detection device 305 sets detection periods Pda, Pdb, Pdc, and Pdd obtained by dividing the detection period Pd into four. During the detection period Pda, the detection device 305 includes response data generation information Ga in an Ethernet frame and multicasts it to the response devices 106A and 107A. During the detection period Pdb, the detection device 305 includes response data generation information Gb in an Ethernet frame and multicasts it to the response devices 106B and 107B. During the detection period Pdc, the detection device 305 includes response data generation information Gc in an Ethernet frame and multicasts it to the response devices 106C and 107C. During the detection period Pdd, the detection device 305 includes response data generation information Gd in an Ethernet frame and multicasts it to the response devices 106D and 107D.

FIG. 12 is a diagram showing the configuration of a response device in the detection system according to Variation 3 of the second embodiment of the present disclosure. Referring to FIG. 12, the response device 106 differs from the response device 104 in that it includes a relay unit 51 instead of the connection switch 50. The response device 107 differs from the response device 105 in that it includes a relay unit 71 instead of the connection switch 70. The relay units 51 and 71 perform relay processing of Ethernet frames.

Referring again to FIG. 11, the response device 106 receives the response data generation information G from the detection device 305 via the gateway device 122 and the corresponding switch device 141, and generates response data R based on the received response data generation information G. The response device 106 includes the generated response data R in an Ethernet frame and transmits it to the detection device 305 via the corresponding switch device 141 and the gateway device 122.

The response device 107 receives the response data generation information G from the detection device 305 via the gateway device 122, the corresponding switch device 141, and the corresponding response device 106, and generates response data R based on the received response data generation information G. The response device 107 includes the generated response data R in an Ethernet frame and transmits it to the detection device 305 via the corresponding response device 106, the corresponding switch device 141, and the gateway device 122.

Like the detection device 304, the detection device 305 detects an abnormality in the network NW2 based on reference information RF2 that is based on the configuration of the network NW2 and on the response data R transmitted by each of the response devices 106 and 107. Compared with the detection system 404, the detection system 405 can detect an abnormality in the network NW2 without using the transmission line 3.

Note that the detection system 405 may be configured to include, in addition to or instead of the response devices 106 and 107, two response devices that are attached to the gateway device 122 and the switch device 141, respectively, and connected to each other via the transmission line 5. In this case, the detection device 305 detects a path interruption and the insertion of a detour between the gateway device 122 and the switch device based on the response data R received from the two response devices.

[Operation flow]
FIG. 13 is a diagram showing an example of the sequence of the detection process in the detection system according to the second embodiment of the present disclosure. FIG. 13 shows the detection process in the detection device 304A.

Referring to FIG. 13, first, when the transmission timing ta arrives, the detection device 304A transmits the response data generation information Ga to the response devices 104A and 105A via the transmission line 3A (step S31).

Next, the response device 104A switches the connection switch 50 to the second state described above, and the response device 105A switches the connection switch 70 to the fourth state described above (step S32).

Next, the response devices 104A and 105A generate response data Ra using the response data generation information Ga received from the detection device 304A and the key information K (step S33).

Next, the response device 104A transmits the transmission command to the response device 105A via the transmission line 4A (step S34).

Next, the response device 105A receives the transmission command and transmits the response data Ra to the response device 104A via the transmission line 4A (step S35).

Next, the response device 104A generates aggregated data Rx2a in which the response data Ra received from the response device 105A and the response data Ra it generated itself are aggregated (step S36).

Next, the response device 104A transmits the generated aggregated data Rx2a to the detection device 304A via the transmission line 3A (step S37).

Next, the detection device 304A performs the detection process based on the reference information RF2a, which is based on the configuration of the network NW2a, and the aggregated data Rx2A received from the response device 104A (step S38).

FIG. 14 is a diagram showing an example of the sequence of the detection process in the detection system according to Variation 3 of the second embodiment of the present disclosure.

Referring to FIG. 14, first, when the transmission timing ta arrives, the detection device 305 includes the response data generation information Ga in an Ethernet frame and multicasts it to the response devices 106A and 107A (step S41).

Next, the response devices 106A and 107A generate response data Ra using the response data generation information Ga received from the detection device 305 and the key information K (step S42).

Next, the response device 106A includes the generated response data R in an Ethernet frame and transmits it to the detection device 305 via the switch device 141A and the gateway device 122 (step S43).

The response device 107A also includes the generated response data R in an Ethernet frame and transmits it to the detection device 305 via the response device 106A, the switch device 141A, and the gateway device 122 (step S44).

Next, the detection device 305 performs the detection process based on the reference information RF2a, which is based on the configuration of the network NW2a, and the response data Ra received from each of the response devices 106A and 107A (step S45).

The above embodiments should be considered illustrative and not restrictive in all respects. The scope of the present invention is indicated by the claims rather than by the above description, and is intended to include all modifications within the meaning and scope equivalent to the claims.

The above description includes the features appended below.
[Appendix 1]
A detection system comprising:
a detection device; and
a response device, wherein
the detection device transmits response data generation information used to generate response data to the response device via a first transmission path,
the response device transmits the response data based on the response data generation information received from the detection device to the detection device via a second transmission path,
the detection device detects an abnormality in a network based on reference information based on a configuration of the network and the response data transmitted by the response device,
the first transmission path is a dedicated line used for detecting an abnormality in the network,
the second transmission path is a main transmission path that transmits a main signal in the network, and
the network includes the response device and the second transmission path.

1, 1A, 1B, 2, 2A, 2B, 2C, 3, 3A, 3B, 3C, 3D, 4, 4A, 4B, 4C, 4D, 5, 5A, 5B, 6 Transmission line
2A1, 2A2 Transmission path
10 Connection unit
20 Response unit
21 Reception unit
22 Transmission unit
23 Processing unit (generation unit)
24 Storage unit
31 Transmission unit
32 Reception unit
33 Detection unit
34 Storage unit
41 Transmission/reception unit (transmission unit, reception unit)
42 Detection unit
43 Storage unit
50 Connection switch
51 Relay unit
60 Response unit
61 Communication unit (transmission unit, reception unit)
63 Processing unit (generation unit)
64 Storage unit
70 Connection switch
71 Relay unit
80 Response unit
81 Communication unit (transmission unit, reception unit)
83 Processing unit (generation unit)
84 Storage unit
101, 101A, 101B, 102, 102A, 102C, 103A, 104, 104A, 104B, 104C, 104D, 105, 105A, 105B, 105C, 105D, 106, 106A, 106B, 106C, 106D, 107, 107A, 107B, 107C, 107D Response device
111, 111A, 111B, 111C, 112, 112A, 112B, 112C, 112D Communication device
121, 122 Gateway device
141, 141A, 141B Switch device
201, 201A, 201B Aggregation device
301, 301A, 301B, 302, 303, 304, 304A, 304B, 304C, 304D, 305 Detection device
401, 402, 403, 404, 405 Detection system
NW, NWa, NWb, NWc, NW1a, NW2, NW2a, NW2b Network

Claims (13)

 応答用装置と、
 前記応答用装置および伝送路を含むネットワークの異常を検知する検知装置とを備え、
 前記検知装置は、応答データの生成に用いられる応答データ生成情報を、第1の伝送路を介して前記応答用装置へ送信し、
 前記応答用装置は、前記検知装置から受信した前記応答データ生成情報に基づいて前記応答データを生成し、生成した前記応答データを、第2の伝送路を介して前記検知装置へ送信し、
 前記検知装置は、前記ネットワークの構成に基づく参照情報と、前記応答用装置により送信された前記応答データとに基づいて、前記ネットワークの異常を検知し、
 前記第1の伝送路および前記第2の伝送路の少なくともいずれか一方は、前記ネットワークにおける主信号を伝送する主伝送路を含む、検知システム。
A response device;
a detection device for detecting an abnormality in a network including the response device and a transmission line,
the detection device transmits response data generation information used to generate response data to the response device via a first transmission path;
the response device generates the response data based on the response data generation information received from the detection device, and transmits the generated response data to the detection device via a second transmission path;
the detection device detects an anomaly in the network based on reference information based on a configuration of the network and the response data transmitted by the response device;
At least one of the first transmission path and the second transmission path includes a main transmission path that transmits a main signal in the network.
 前記第1の伝送路は前記主伝送路であり、かつ前記第2の伝送路は前記ネットワークの異常の検知に用いられる専用線であるか、または、前記第2の伝送路は前記主伝送路であり、かつ前記第1の伝送路は前記ネットワークの異常の検知に用いられる専用線である、請求項1に記載の検知システム。 The detection system according to claim 1, wherein the first transmission path is the main transmission path and the second transmission path is a dedicated line used to detect anomalies in the network, or the second transmission path is the main transmission path and the first transmission path is a dedicated line used to detect anomalies in the network.  前記第1の伝送路は、前記専用線であり、
 前記第2の伝送路は、前記主伝送路である、請求項2に記載の検知システム。
the first transmission path is the dedicated line,
The detection system of claim 2 , wherein the second transmission line is the main transmission line.
 前記応答用装置は、前記応答用装置の固有情報にさらに基づいて前記応答データを生成し、生成した前記応答データを、前記第2の伝送路を介して前記検知装置へ送信し、
 前記参照情報は、前記固有情報を含み、
 前記検知装置は、前記参照情報に含まれる前記固有情報および前記応答用装置へ送信した前記応答データ生成情報に基づいて生成データを生成し、受信した前記応答データを前記生成データと照合し、照合結果に基づいて、前記ネットワークの異常を検知する、請求項1から請求項3のいずれか1項に記載の検知システム。
the response device generates the response data further based on the unique information of the response device, and transmits the generated response data to the detection device via the second transmission path;
The reference information includes the unique information,
The detection system according to any one of claims 1 to 3, wherein the detection device generates generated data based on the unique information contained in the reference information and the response data generation information sent to the response device, compares the received response data with the generated data, and detects an abnormality in the network based on the comparison result.
 前記検知装置は、受信した前記応答データの数に基づいて、前記ネットワークの異常を検知する、請求項1から請求項4のいずれか1項に記載の検知システム。 The detection system according to any one of claims 1 to 4, wherein the detection device detects an anomaly in the network based on the number of received response data.  前記検知装置は、受信した前記応答データの受信タイミングに基づいて、前記ネットワークの異常を検知する、請求項1から請求項5のいずれか1項に記載の検知システム。 The detection system according to any one of claims 1 to 5, wherein the detection device detects an anomaly in the network based on the timing of receiving the response data.  共通の物理的な伝送線を用いて、論理的な前記第1の伝送路および論理的な前記第2の伝送路が設けられており、
 前記検知装置および前記応答用装置は、前記伝送線において前記応答データ生成情報および前記応答データを多重して送信する、請求項1から請求項6のいずれか1項に記載の検知システム。
the first logical transmission path and the second logical transmission path are provided using a common physical transmission line;
7. The detection system according to claim 1, wherein the detection device and the response device multiplex the response data generation information and the response data and transmit them via the transmission line.
 前記検知システムは、さらに、
 集約装置を備え、
 前記集約装置は、複数の前記応答用装置によりそれぞれ生成された複数の前記応答データが集約された集約データを生成し、生成した前記集約データを前記検知装置へ送信する、請求項1から請求項7のいずれか1項に記載の検知システム。
The detection system further comprises:
A consolidation device is provided.
The detection system according to claim 1 , wherein the aggregation device generates aggregated data by aggregating the response data generated by each of the response devices, and transmits the generated aggregated data to the detection device.
A detection system comprising:
a first response device;
a second response device; and
a detection device that detects an anomaly in a network including the first response device, the second response device, and a transmission path, wherein
the detection device transmits response data generation information, which is used to generate response data, to the first response device and the second response device via a first transmission path,
the first response device generates first response data, which is the response data, based on the response data generation information received from the detection device, and transmits the generated first response data to the second response device via a second transmission path,
the second response device generates second response data, which is the response data, based on the response data generation information received from the detection device, and transmits the generated second response data and the first response data received from the first response device to the detection device,
the detection device detects an anomaly in the network based on reference information based on a configuration of the network, the first response data transmitted by the first response device, and the second response data transmitted by the second response device, and
at least one of the first transmission path and the second transmission path includes a main transmission path that transmits a main signal in the network.
A detection device comprising:
a transmitting unit that transmits response data generation information, which is used to generate response data, to a response device in a network via a first transmission path;
a receiving unit that receives, via a second transmission path, the response data that is based on the response data generation information and was transmitted by the response device; and
a detection unit that detects an anomaly in the network based on reference information based on a configuration of the network and the response data received by the receiving unit, wherein
at least one of the first transmission path and the second transmission path includes a main transmission path that transmits a main signal in the network.
A response device attached to a communication device in a network, comprising:
a receiving unit that receives response data generation information, which is used to generate response data, via a first transmission path from a detection device that detects an anomaly in the network;
a generation unit that generates the response data based on the response data generation information received by the receiving unit; and
a transmitting unit that transmits the response data generated by the generation unit to another device via a second transmission path, wherein
at least one of the first transmission path and the second transmission path includes a main transmission path that transmits a main signal in the network.
A response device comprising:
a receiving unit that receives response data generation information, which is used to generate response data, via a first transmission path from a detection device that detects an anomaly in a network;
a generation unit that generates the response data based on the response data generation information received by the receiving unit; and
a transmitting unit that transmits the response data generated by the generation unit to another device via a second transmission path, wherein
the first transmission path is a main transmission path that transmits a main signal in the network and the second transmission path is a dedicated line used for detecting an anomaly in the network, or the second transmission path is the main transmission path and the first transmission path is a dedicated line used for detecting an anomaly in the network.
A detection method in a detection system including a response device and a detection device that detects an anomaly in a network including the response device and a transmission path, the method comprising:
a step in which the detection device transmits response data generation information, which is used to generate response data, to the response device via a first transmission path;
a step in which the response device generates the response data based on the response data generation information received from the detection device, and transmits the generated response data to the detection device via a second transmission path; and
a step in which the detection device detects an anomaly in the network based on reference information based on a configuration of the network and the response data transmitted by the response device, wherein
at least one of the first transmission path and the second transmission path includes a main transmission path that transmits a main signal in the network.
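
The round described in the claims above (the detection device issues response data generation information, two response devices answer, the second relays the first's answer, and the detection device checks the answers against reference information) can be illustrated with the following added example, which is not code from the patent or its applicants. The claims do not say how response data is computed: HMAC-SHA256 over a random challenge, the per-device keys, the device names `resp-1`/`resp-2` and the `tamper` modes are all assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: the reference information lists the response devices that the
# network configuration says must answer, each with a constructed secret key.
REFERENCE = {"resp-1": b"constructed-key-1", "resp-2": b"constructed-key-2"}


def make_response(device_id, key, challenge):
    """Response device: derive response data from the received challenge."""
    tag = hmac.new(key, device_id.encode() + challenge, hashlib.sha256).digest()
    return (device_id, tag)


def second_device_forward(first_response, key, challenge):
    """Second response device: add its own response data to the data relayed
    from the first device and send both toward the detection device."""
    return [first_response, make_response("resp-2", key, challenge)]


def detect(reference, challenge, responses):
    """Detection device: return a sorted list of anomalies (empty if none)."""
    anomalies, seen = [], set()
    for device_id, tag in responses:
        key = reference.get(device_id)
        if key is None:  # a device the configuration does not contain
            anomalies.append(f"unexpected device {device_id}")
            continue
        seen.add(device_id)
        expected = make_response(device_id, key, challenge)[1]
        if not hmac.compare_digest(tag, expected):
            anomalies.append(f"bad response from {device_id}")
    anomalies += [f"no response from {d}" for d in reference if d not in seen]
    return sorted(anomalies)


def run_round(tamper=None):
    """One detection round; `tamper` simulates a fault on the second path."""
    challenge = secrets.token_bytes(16)  # fresh per round, so stale data fails
    first = make_response("resp-1", REFERENCE["resp-1"], challenge)
    if tamper == "replay":  # response recorded under an earlier challenge
        first = make_response("resp-1", REFERENCE["resp-1"], b"old-challenge")
    bundle = second_device_forward(first, REFERENCE["resp-2"], challenge)
    if tamper == "drop":  # first device's response never reaches the detector
        bundle = bundle[1:]
    return detect(REFERENCE, challenge, bundle)
```
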
PCT/JP2024/020159 2023-08-01 2024-06-03 Detection system, detection device, response device, and detection method Pending WO2025028004A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2023-125266 2023-08-01
JP2023125266 2023-08-01

Publications (1)

Publication Number Publication Date
WO2025028004A1 true WO2025028004A1 (en) 2025-02-06

Family

ID=94395067

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2024/020159 Pending WO2025028004A1 (en) 2023-08-01 2024-06-03 Detection system, detection device, response device, and detection method

Country Status (1)

Country Link
WO (1) WO2025028004A1 (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050177522A1 (en) * 2004-02-05 2005-08-11 Sun Microsystems, Inc. Method and system for accepting a pass code
JP2013138304A (en) * 2011-12-28 2013-07-11 Toyota Motor Corp Security system and key data operation method
JP2017076854A (en) * 2015-10-14 2017-04-20 富士通株式会社 Electronic device and data verification method
JP2018073245A (en) * 2016-11-01 2018-05-10 パナソニックIpマネジメント株式会社 Inspection apparatus, inspection system, information processing apparatus, inspection method and computer program
US20190289463A1 (en) * 2016-07-11 2019-09-19 Telit Communications S.P.A. Method and system for dual-network authentication of a communication device communicating with a server
WO2019225258A1 (en) * 2018-05-23 2019-11-28 パナソニック インテレクチュアル プロパティ コーポレーション オブ アメリカ Abnormality detection device, abnormality detection system, and control method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
TAKANORI MIYOSHI, ISAO KATO, TSUTOMU MATSUMOTO: "Route Tampering Detection System for Bus-based Networks for Control Systems.", IEEJ TRANSACTIONS ON ELECTRONICS, INFORMATION AND SYSTEMS (C), vol. 143, no. 11, 1 November 2023 (2023-11-01), JP , pages 1056 - 1060, XP009560806, ISSN: 0385-4221, DOI: 10.1541/ieejeiss.143.1056 *

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 24848665

Country of ref document: EP

Kind code of ref document: A1