Conventionally, the CAN communication protocol is widely used for communication between a plurality of communication devices installed in a vehicle. Vehicle-mounted communication systems that employ the CAN communication protocol have a configuration in which a plurality of communication devices are connected to a common CAN bus, and perform message transmission and reception such that a communication device on the reception side acquires a signal output from a communication device on the transmission side to the CAN bus. With the multi-functionalization and high-functionalization of vehicles, communication devices are multi-functionalized and high-functionalized, which increases the number of the communication devices and the amount of data to be transmitted and received between the communication devices, causing the problem that communication loads increase. Accordingly, typically, a configuration is employed in which the communication devices are divided into a plurality of groups, a plurality of communication devices in each group are connected to each other via a common communication line so as to perform data transmission and reception therebetween, and data transmission and reception between the groups are relayed by a vehicle-mounted relay device such as a gateway, so that an increase in communication loads is suppressed.
In the vehicle-mounted communication systems, for example, a malicious device may be connected to the CAN bus, or a regular communication device may malfunction due to, for example, an electronic virus or the like. Such a device may perform, for example, unauthorized message transmission to the CAN bus, causing a regular communication device connected to the CAN bus to malfunction. Accordingly, techniques have been investigated for preventing malfunction or the like of a regular communication device due to an unauthorized message transmitted from an unauthorized communication device.
JP 2013-38711A has proposed a communication management device for a vehicle network that restricts the input of external data. The communication management device monitors data on a CAN bus and data that is externally input, and restricts transmission of the external data if the usage rate of the CAN bus exceeds a load reference value and if the usage rate of the CAN bus is predicted to exceed the load reference value due to transfer of the external data.
The communication management device according to JP 2013-38711A is configured to determine whether or not the usage rate of the CAN bus exceeds a load reference value, and thus has the problem that it cannot restrict transmission if the amount of message transmission with a malicious device is small.
The present invention was made in view of the above-described circumstances, and it is an object thereof to provide a vehicle-mounted relay device, a vehicle-mounted communication system, and a relay program with which it is possible to detect transmission of an unauthorized message, and prevent the unauthorized message from being relayed between networks.