A network technology called a CAN (controller area network) may be used for performing transmission and reception of data or control information between devices that are used for an on-board network of a vehicle or for factory automation. A system in which the CAN is used includes a plurality of ECUs (electronic control units). The ECUs communicate with one another by performing transmission of a data frame (message). In the CAN, a data frame that is used for communication includes identification information (ID) used for identifying a data frame. Further, each of the ECUs has stored therein an ID of a data frame to be received. In the CAN, a data frame is broadcast, so a plurality of data frames arrive at the ECUs connected to the CAN at the same time. When the transmission timings of a plurality of data frames are the same as one another, the priority of a data frame is determined according to the value of an ID included in a data frame, and a data frame that has priority is transmitted earlier. A data frame that has low priority is broadcast after the data frame having high priority is transmitted. When data frames are broadcast, each of the ECUs receives a data frame that includes an ID that is set to be received by the ECU but discards a data frame that includes an ID that is not set to be received.
Due to this scheme, when an attack has been performed on a network using a data frame including an ID that has been set to be received by an ECU, the ECU will receive the frame used for the attack. The ECU which receives a frame used for an attack may take an action that the ECU would not take normally, due to the reception of the frame. Thus, attempts to identify a frame transmitted for an attack have been made. For example, a method for deciding whether a data frame has been transmitted for an attack has been proposed, the method including verifying, when a data frame is received that does not comply with a specified rule for a data frame transmission cycle, a specific identifier in the data frame (for example, International Publication Pamphlet No. WO 2015/170451).
However, it may be difficult to identify a frame used for an attack in a system in which both a data frame transmitted periodically and a data frame not transmitted periodically are transmitted. In the technology described above, when a certain message that is not transmitted in a specified transmission cycle is transmitted and a message is then periodically transmitted in the specified transmission cycle with the transmission time of the certain message used as a reference, the periodically transmitted message may be erroneously identified as a frame used for attack.