DE102018210959A1 - Method for monitoring a traffic component, in particular a motor vehicle, for an unauthorized activity, and system - Google Patents

Abstract

The invention relates to a method for monitoring a traffic component (11) for an unauthorized activity, a backend device (18) external to the component receiving operational data (T1) of the traffic component (11) and at least one between the received operational data (T1) and corresponding comparison data (T2) predetermined comparison components (21) determines a difference and, in the event that the difference fulfills a predetermined trigger criterion, sends a respective safety signal (T3) to at least one predetermined safety unit (24).

Description

The invention relates to a method for monitoring a traffic component for an unauthorized activity. The traffic component can be a motor vehicle, for example. The invention also includes a system for performing the method.

Monitoring of a motor vehicle, for example a motor vehicle, in particular an autonomous motor vehicle, can be ensured by means of a data communication network of the motor vehicle, such as automotive networks, controller area network (CAN), media-oriented systems transport (MOST), Ethernet in the motor vehicle. However, such data communication networks create the risk that a person with malicious intent can penetrate the data communication networks of the motor vehicle. In the event of an intrusion into the data communication networks of the motor vehicle, securing the motor vehicle using online updates can be difficult. Furthermore, in this case, the automobile can be used by the person with malicious intent as a danger to an environment, so that damage is possible. It is therefore important that reliable monitoring of the motor vehicle is made possible.

From the WO 2017/046805 A1 a system and method for detecting malicious activities in vehicle data communication networks are known. The system is part of an autonomous vehicle and comprises a classifier in the form of a machine learning method, which serves to predict expected benign activities and uses this to identify deviant activities.

From the WO 2015/057979 A1 a system and method for detecting malicious activity and malicious hardware / software changes to an autonomous vehicle are known. A machine learning system is used to detect the malicious activity.

From the US 2018/072265 A1 autonomous vehicle safety is known. An autonomous vehicle includes sensors that are used to detect an unauthorized person inside the vehicle.

The invention is based on the object of being able to enable a traffic component, in particular a motor vehicle, to be monitored efficiently in an automated manner.

The object is solved by the subject matter of the independent claims. Advantageous further developments result from the dependent claims, the following description and the single figure.

The method provided is used to monitor a traffic component, in particular a motor vehicle, for an unauthorized activity. The traffic component can also be something other than a motor vehicle, e.g. a camera for an infrastructure component, e.g. a traffic light or an intersection.

The following is provided in order to enable automated monitoring of a traffic component for an unauthorized activity using the method. Operating data can be determined in the traffic component. The traffic component can e.g. have one or more sensors which can provide different sensor data as operating data. The operating data can describe an operating state during a specific period of time or a current operating state of the traffic component. These operating data of the traffic component can include the entire sensor data of the traffic component or at least part of the sensor data. Additionally or alternatively, the operating data can contain feature data generated from the sensor data. Operating data can additionally or alternatively include respective status data of at least one control unit and / or at least one actuator of the traffic component. The operating data can additionally or alternatively also include communication data which are exchanged between control units of the traffic component and / or between a control unit and a transmission and reception unit external to the component. The operating data can additionally or alternatively also include control data generated by at least one software module of the traffic component, e.g. Control data for controlling at least one actuator of the traffic component.

A first level or level of monitoring is now provided, which is carried out outside the traffic component. A second level of monitoring in the traffic component itself is described below.

A backend device external to the component is provided, which can be designed as a server device external to the component and / or a data cloud (also referred to as a “data cloud” or “cloud server”). The traffic component can wirelessly send the operating data to the component-external backend device. The backend device external to the component receives the operating data of the traffic component. Furthermore, the component-external backend device performs a comparison between the received operating data on the one hand and corresponding comparison data of at least one predetermined comparison component on the other hand and determines a difference. In other words, the component-external back-end device receives both operating data which are sent by an electronic component of the traffic component and comparison data which are provided by at least one predetermined comparison component, for example a second traffic component, which are of the same component type and / or of the same model how the traffic component can be designed.

As another variant, the comparison data can be from the same traffic component, which is in a predetermined normal state, which corresponds to no unauthorized activity. An unauthorized activity could be, for example, that a person with malicious intent could enter the data communication networks of the autonomous motor vehicle and steal the motor vehicle and / or steal the important data. Furthermore, an unauthorized activity could consist in that the autonomous motor vehicle is used by remote control for kidnapping the occupant and / or the motor vehicle is steered onto a sidewalk and accelerated in the process, for example to injure pedestrians. Such unauthorized activity would e.g. be recognizable by the fact that a warning signal of a collision warning system is ignored.

In the normal state, the operating data may have been obtained as comparison data from the first traffic component itself and may have been stored at an earlier point in time, for example, in a storage element of the backend device external to the component. As soon as the operating data has been received from the component-external backend device at a point in time, the component-external backend device carries out the said comparison between the operating data and the corresponding comparison data and determines the said difference.

By the term "corresponding" it is meant that the comparison data describe a property of the comparison components that correspond to an identical property or an equivalent property of the traffic component, e.g. at the same time and / or the same environmental conditions. As an example, the property can be a speed of a motor vehicle, which e.g. drives through a residential area at morning and / or on a street.

Furthermore, the component-external backend device can generate a first pattern from the received operating data from the traffic component. The first pattern can e.g. be a statistical description of the operating behavior and / or a concrete description of the current operating behavior of the traffic component. Furthermore, the component-external backend device can generate a second pattern from the corresponding comparison data or the comparison data represent such a second pattern. The second pattern can e.g. a statistical description of the authorized operating behavior, e.g. can be provided by the manufacturer of the traffic component. The second pattern thus describes at least one authorized activity, i.e. the normal state. The backend device can perform a pattern comparison between the first pattern and the second pattern and determine the difference.

In the event that the difference fulfills a predetermined trigger criterion, the component-external back-end device sends a respective security signal at least to a security unit. The trigger criterion can e.g. provide a threshold comparison for the difference determined. In other words, if an amount of the difference between the received operating data and the corresponding comparison data exceeds a predetermined threshold value or if the triggering criterion is met in some other way, an unauthorized activity of the traffic component is thereby recognized. The component-external back-end device then sends the respective security signal to the at least one security unit, for example a central security station or to the police. This allows the security unit to react to the security signal and e.g. send at least one safety activity signal to the traffic component, thereby the traffic component can e.g. be braked and / or stopped if it is a motor vehicle. This enables automated monitoring of the traffic component for the unauthorized activity.

The method can be used to detect malware after it has been installed in the traffic component and changes the operating behavior of the traffic component. The method can be used to detect tampering with a control device, e.g. manipulation to increase engine performance.

A motor vehicle, in particular an at least partially autonomously operated motor vehicle, which is monitored by means of the method according to the invention, offers security both for motor vehicle occupants and for an environment of the motor vehicle. Furthermore, such a motor vehicle can be used as a mobile location for important meetings and / or celebrity meetings. Furthermore, a due to its security, such motor vehicles can be rented for important meetings and / or meetings for financial reasons. The method can be used to identify driving behavior that is abnormal for the traffic component, such as can be caused by theft or kidnapping, for example.

It is e.g. possible that at one point in time a motor vehicle driver maliciously tries to steer the motor vehicle onto a sidewalk and accelerate it in order to injure pedestrians. At this point in time, the motor vehicle uses the electronic component to send the operating data or the data with information about the alignment and acceleration of the motor vehicle to the backend device external to the component. The backend device external to the component receives the operating data of the motor vehicle. Furthermore, the component-external back-end device carries out the comparison between the received operating data and corresponding comparison data of the at least one predetermined comparison component and determines the difference. In this case, since the orientation and the acceleration of the motor vehicle do not match the comparison data, the difference or the amount of the difference is greater than a threshold value, i.e. the predetermined triggering criterion is fulfilled, whereby an unauthorized activity or the malicious intent of the motor vehicle driver is recognized. The component-external back-end device then sends the security signal to the at least one security unit, for example the central security station and / or the police. This enables the central security station to react to the security signal and e.g. send at least one safety activity signal to the motor vehicle, whereby the motor vehicle is braked and / or stopped at the time. At the same time, a loud warning signal to the pedestrians from an actuator of the motor vehicle can also be activated by means of the safety activity signal, so that the pedestrians can quickly walk away from the sidewalk away from the braked and / or stopped motor vehicle. Additionally or alternatively, the motor vehicle doors can be locked so that the motor vehicle driver cannot escape from the motor vehicle. As a result, the police, who have been informed of the component-external back-end device by means of the security signal sent to them, can come to the scene of the crime and arrest the motor vehicle driver.

The invention includes further developments, the features of which result in additional advantages.

In order to be able to implement the described comparison and to determine the difference between the operating data and the corresponding comparison data, provision is made in particular for a digital twin (also referred to as “digital twin”) of the traffic component to be operated in one of the at least one predetermined comparison component. The digital twin can simulate the traffic component without unauthorized activities and generate the corresponding comparison data. The digital twin can comprise a data-based model and / or a mathematical model and / or describe a digital representation of the traffic component from the real world. In other words, the digital twin can represent the same functional and / or physical properties of the traffic component.

In order to adapt a digital twin to the traffic component, a machine learning device, which is referred to here as an internal machine learning device, can be operated to generate the data-based model of the digital twin, because it can represent an integral part of the digital twin. The internal machine learning device can operate a software program, which can be based on an artificial neural network (KNN) and / or a support vector machine (SVM) and / or a regression (for example regression level in a feature space). It is also conceivable for the software program to be based on a deep learning KNN, which is thus designed to be efficient. The internal machine learning device can form and update the data-based model using the operating data of the traffic components, which are generated by the traffic components and sent to the external component of the backend. As a result, the digital twin can ideally behave exactly like the traffic component from the real world.

It is conceivable that each of a new traffic component produced can have a respective digital twin, which can be provided in a backend device external to the component. On the basis of the digital twin formed from the respective operating data, an unauthorized activity can be recognized at one point in time by means of the backend device external to the component. In this case, the component-external back-end device can identify other digital twins of similar traffic components, for example by means of a machine learning device, which could also be endangered by such an unauthorized activity. The other digital twins can be present in the same non-component backend device and / or in a different non-component backend device. At this point, you can the component-external back-end device communicates directly with the other digital twins or the respective corresponding traffic components and sends a prewarning signal. The respective corresponding traffic components can be protected against possible unauthorized activity by means of the pre-warning signal. Said machine learning device for identifying similar digital twins can operate a software program for this purpose, which can be based on an artificial neural network (KNN) and / or a support vector machine (SVM) and / or a regression (for example regression level in a feature space).

Furthermore, the mathematical model of the digital twin can be based on a database of the operating data of various traffic components, from which a statistical and / or stochastic model can be created. Additionally or alternatively, the mathematical model can be derived from physical equations and / or compared against different operating data of different traffic components in order to validate the mathematical model. It is also conceivable that the mathematical model is designed as a hybrid model which is created from the mathematical model derived from the physical equations and from the static and / or stochastic model based on the database of the operating data of various traffic components. This has the advantage that certain operating data can be made available as comparison data by means of the mathematical model, which are difficult to find as operating data of another physical traffic component.

According to an advantageous embodiment, in one of the at least one predetermined comparison component, a first computing device can receive operating data from a fleet of a plurality of predetermined, similar traffic components and operate at least one first machine learning device. The at least one first machine learning device can operate a software program, which can be based on an artificial neural network (KNN) and / or a support vector machine (SVM) and / or a regression (for example regression level in a feature space). It is furthermore conceivable that the software program of the at least one first machine learning device is based on a deep learning KNN, which is thus designed to be efficient. Furthermore, the at least one first machine learning device carries out a detection or training or formation of a pattern in the operating data and generates the detected pattern as the corresponding comparison data. This has the advantage that the detected pattern from operating data which corresponds to the fleet of the plurality of similar traffic components is more reliable compared to one from operating data of an individual similar traffic component. Because a plurality of incorrect or atypical operating data or noise can be reduced from a plurality. Thus, a reliable pattern is provided as the corresponding comparison data in an efficient manner. Automated monitoring of the traffic component is thus made possible by using the at least one first machine learning device. "Similar" can e.g. mean that the respective comparison component is the same model (e.g. motor vehicle model) as the traffic component or has the same technical equipment with regard to at least one functionality of the traffic component (camera system, operating system, computer hardware).

The monitoring of the traffic component preferably has two levels or two levels. In addition to the level described in the backend device, provision is preferably made for a second level or a second level to be implemented in the traffic component itself. Safety and / or security can also be monitored in the traffic component.

For this purpose, a second computing device can receive operating data of the traffic component in the traffic component and operate at least one second machine learning device. Comparable to the at least one first machine learning device, the at least one second machine learning device can operate a software program which is based on an artificial neural network (KNN) and / or a support vector machine (SVM) and / or a regression (for example regression level in a feature space) can be. Furthermore, it is conceivable that the software program of the at least one second machine learning device can be based on a deep learning KNN. Furthermore, the at least one second machine learning device carries out a pattern recognition in the operating data, and if at least one predetermined activity pattern is recognized, an activity signal is generated and sent to the backend device external to the component.

In other words, the at least one second machine learning device comprises a memory which comprises a predetermined activity pattern of the traffic component. This predetermined activity pattern of the traffic component can be created from operating data of the traffic component by means of the at least one second machine learning device. Receives at a time the second computing device operates the operating data of the traffic component and operates the at least one second machine learning device. At this time, the at least one second machine learning device carries out a pattern recognition of the operating data and determines a current activity pattern. Furthermore, the at least one second machine learning device carries out a comparison between the current activity pattern and the predetermined, learned activity pattern and determines a difference. In the event that the difference fulfills a predetermined triggering criterion, the second computing device generates an activity signal and sends this activity signal to the component-external jaw device. The triggering criterion can, for example, provide a threshold comparison for the determined difference. It is also conceivable that the predetermined activity pattern can be updated with new operating data of the traffic component, which correspond without unauthorized activities.

If the difference or an amount of the difference is greater than a threshold value, the threshold value being determined beforehand, then an unauthorized activity in the traffic component is detected. If the difference is greater than the threshold value or the current activity pattern has a probability of occurrence less than the threshold value (minority classification), the unauthorized activity is signaled. At this point in time, an activity signal is generated and sent wirelessly to the component-external backend device, which sends or forwards the activity signal to the at least one security unit as a possible security signal. As a result, the security unit can send a safety signal to the traffic component in order to brake and / or stop the traffic component. This has the advantage that an entire process from receiving the operating data to sending the activity signal from the traffic component to the component-external back-end device takes place locally in the traffic component or the second computing device of the traffic component. This avoids transmission of the operating data to the back-end device external to the component, which can accelerate the entire process. Automated monitoring of the traffic component is made possible by using the at least one first machine learning device. It is also conceivable that the comparison between the current activity pattern and the predetermined activity pattern and / or a determination of the difference and / or a generation of the activity signal can take place at least in a separate module of the second computing device and / or in the at least one second machine learning device.

A particularly preferred embodiment provides that the activity signal, which is generated by the traffic component or the second computing device of the traffic component, is sent to the at least one security unit. This enables a direct transmission of the activity signal to the at least one security unit without a first transmission of the activity signal to the backend device external to the component. This ensures a faster reaction of the at least one security unit to the activity signal on the traffic component.

According to a further advantageous embodiment, the respective machine learning device or the at least one first machine learning device and / or the at least one second machine learning device can each comprise at least one software program. The amount and / or type of the respective operating data can be determined by means of the respective software program and then at least one learning algorithm can be selected from a plurality of predetermined learning algorithms and the detection (training, formation) of the pattern and / or the pattern recognition of the pattern by means of the selected at least one learning algorithm Operating data are carried out. In other words, the at least one software program can be constructed modularly from a plurality of predetermined learning algorithms. These predetermined learning algorithms can be based on, for example, "Naive Bayes", "Decision Trees", "Simese Networks", "Generative Adversarial Networks (GAN)", "Prinicipal Component Analysis (PCA)". The at least one software program can select one of the plurality of predetermined learning algorithms for the detection (training, formation) of the pattern and / or the pattern recognition of the operating data by means of a predetermined selection criterion based on the amount and / or type of the respective operating data. For example, if the operating data correspond to a large amount and extremely distorted data, then the learning algorithm based on “Simese Networks” for pattern detection and / or pattern recognition of the operating data is selected according to the selection criterion. This makes the process very flexible. With regard to the type of operational data, a distinction can be made, for example, between the following types: Uniform Resource Locator (URL, “End Point”) and / or “Tokens” and / or user activity and / or geoposition data, to name just a few. For example, a machine learning device for URLs can be provided, which is trained on which URLs are contacted by the traffic component in the normal state as authorized activity. Then a contact with a URL can be recognized as an unauthorized activity, which does not occur in the normal state for the traffic component. You can do the same performed user activities and / or geopositions (eg GPS position) in the normal state are trained as authorized activities by means of a respective machine learning device. Then a different user activity and / or geoposition can be recognized as an unauthorized activity. So-called access tokens and / or session tokens can be monitored as tokens. If a new token is recognized after the machine learning device training, an unauthorized activity can be identified on the basis of this new token.

It is possible that not all types of operating data are used. For example, A distinction is made between premium customers and normal customers, although a larger scope of monitoring can be provided for premium customers. In general, it can be provided that for each type of operating data (e.g. URL, geoposition, user position) a decision is made depending on the contract data as to whether operating data of this type is used or not.

It is also conceivable that several machine learning devices are present in the back-end device external to the component. The respective machine learning device can in each case comprise at least one respective software program which comprises a predetermined learning algorithm. The predetermined learning algorithm can be designed for the detection of the pattern and / or the pattern recognition of the operating data of a predetermined quantity and / or type. A software program can select one of the plurality of machine learning devices for the detection of the pattern and / or the pattern recognition of the operating data by means of a predetermined selection criterion based on the quantity and / or type of the respective operating data. Such a method can be based on “distributed machine learning”.

According to a further advantageous embodiment, at least one of the several predetermined learning algorithms can be based on supervised learning and / or unsupervised learning and / or semi-supervised learning. This enables the detection of the pattern and / or the pattern recognition of the operating data, which can occur in different quantities and in different ways.

The at least one security unit can preferably comprise at least one central security station and / or a police center and / or a fire department. As a result, a security measure can be initiated and / or an offender can be arrested. In the event of an accident, the fire brigade can quickly be at the scene of the accident.

The invention further relates to a system for monitoring a traffic component, the system comprising a backend device external to the component and the traffic component, and the system being set up to carry out a method according to one of the features of the described embodiments of the method according to the invention.

The invention also includes combinations of the features of the described embodiments.

• Fig. eine schematische Darstellung einer Ausführungsform eines Systems zur Überwachung einer Verkehrskomponente.

Exemplary embodiments of the invention are described below. The only figure shows:

• Fig. A schematic representation of an embodiment of a system for monitoring a traffic component.

The exemplary embodiments explained below are preferred embodiments of the invention. In the exemplary embodiment, the described components of the embodiment each represent individual features of the invention that are to be considered independently of one another, which also further develop the invention independently of one another and are therefore also to be regarded individually or in a combination other than the one shown as part of the invention. Furthermore, the described embodiments can also be supplemented by further features of the invention that have already been described.

In the single figure, the same reference numerals designate elements that have the same function.

The figure shows a system 10 to monitor a traffic component 11 , which can be, for example, a motor vehicle, for example a motor vehicle. The traffic component 11 can include various sensors, which operating data T1 the traffic component 11 generate at a time. Embodiment of the system shown in the figure 10 includes the traffic component 11 a first sensor 12 and a second sensor 13 , which first sensor data S1 and second sensor data S2 the traffic component 11 generate at a time and to a first electronic component 14 send. The first sensor data S1 from the first sensor 12 to the first electronic component 14 can through a data path 15 be sent. Similarly, the second sensor data S2 from the second sensor 13 to the first electronic component 14 through a data path 16 be sent. The two data paths 15 . 16 can each be, for example, a data cable or an optical fiber. Furthermore, the first sensor data S1 and / or the second sensor data S2 wirelessly to the first via Bluetooth electronic component 14 be sent. The first electronic component 14 receives the first sensor data S1 and the second sensor data S2 and determines the operating data T1 the traffic component 11 at the same time. The operating data T1 can an operating state of the traffic component 11 describe. For example, the operating state can be a trip of the traffic component 11 to be on a street through a residential area in the morning. In the figure, this operating state is for understanding by means of the sun 17 shown.

The system 10 further includes a backend device external to the component 18 , which is designed, for example, as a data cloud. The component external backend device 18 comprises at least a second electronic component 19 , The first electronic component 14 can be connected to the external backend device 18 or their second electronic component 19 the operating data T1 send wirelessly, which by means of a data path 20 is shown. The second electronic component 19 can the operating data T1 receive. The first electronic component 14 can include, for example, a mobile radio module (GSM, 4G, 5G) and / or a WLAN radio module (WLAN - Wireless local area network). The first electronic component 14 can also include a control unit. The second electronic component 19 can, for example, use a NIC (Network interface controller) to receive the operating data T1 and / or a data memory for the received operating data T1 exhibit. Furthermore, the second electronic component 19 have a processor device to carry out method steps, which will be described below.

The component external backend device 18 comprises at least one predetermined comparison component 21 , in which a digital twin 22 and / or a first computing device 23 can be operated. The predetermined comparison component 21 is formed corresponding comparison data T2 the first electronic component 19 to deliver. The corresponding comparison data T2 correspond to a similar operating state of the operating data T1 the traffic component 11 without unauthorized activities.

The second electronic component 19 can make a comparison between the operational data T1 and the corresponding comparison data T2 and make a difference. In the event that the difference or an amount of the difference fulfills a predetermined triggering criterion, then the second electronic component can 19 a security signal T3 to a security unit 24 send. In other words, in the event that there is no unauthorized activity of the traffic component at a time 11 result, then at this time will be operational data T1 and corresponding comparison data T2 be similar to. At this point, the second electronic component 19 a comparison between the operating data T1 and the corresponding comparison data T2 and make a difference. Because in this case the operating data T1 without unauthorized activities, the difference is less than a predetermined threshold. Then no security signal T3 to the security unit 24 sent, the security unit 24 at least one central security station 27 and / or a police headquarters 28 and / or a fire department 29 may include.

But in the event that there is at least one unauthorized activity of the traffic component at another time 11 results. At this point, the second electronic component 19 a comparison between the operating data T1 and the corresponding comparison data T2 and make a difference. The operating data T1 will show new values due to the at least one unauthorized activity. For this reason, the determined difference between the operating data T1 and the corresponding comparison data T2 be greater than the predetermined threshold. In other words, the difference in this case can meet a predetermined trigger criterion. Then the second electronic component 19 a security signal T3 to the security unit 24 send. In this case, the second electronic component 19 the security signal T3 through a data path 32 to the security unit 24 send wirelessly

The security unit 24 can on the security signal T3 respond and at least one backup activity signal T4 to the traffic component 11 or a third electronic component 33 send, causing the traffic component 11 can be braked and / or stopped at the time. This ensures reliable monitoring of the traffic component 11 which at least enables unauthorized activity. The backup activity signal T4 can be wireless through a data path 34 from the security unit 24 to the third electronic component 33 sent.

According to an embodiment of the system shown in the single figure 10 can in the predetermined comparison component 21 the digital twin 22 the traffic component 11 will operate. The digital twin 22 can be a data-based model 45 and / or a mathematical model 46 include. The digital twin 22 can be a digital representation of the traffic component 11 describe. In other words, the digital twins can have the same functional and / or physical properties of the traffic component.

About the digital twin 22 to the traffic component 11 can be used to generate the data-based model 45 of the digital twin 22 a machine learning device operated here as an internal machine learning device 47 is called because it can be an integral part of the digital twin.

The internal machine learning facility 47 can run a software program which can be based on an artificial neural network (KNN) and / or a support vector machine (SVM) and / or a regression (for example regression level in a feature space). The internal machine learning facility 47 can of operating data T1 the traffic component 11 from the second electronic component 19 through the data path 48 receive. This allows the data-based model 45 by means of the internal machine learning device 47 be formed and updated. So the digital twin can 22 ideally just like the traffic component 11 behave and the corresponding comparison data T2 produce.

The mathematical model 46 can be the traffic component 11 without unauthorized activities and simulate the corresponding comparison data T2 produce. It is also conceivable that the mathematical model 46 the comparison data generated by simulation T2 to the data-based model 45 through a data path 49 can send. This allows the data-based model 45 by means of the internal machine learning device 47 by means of the operating data T1 and that of the mathematical model 46 sent comparison data T2 to be expanded further. This enables the digital twin 22 an improved digital representation of the traffic component 11 describe.

In this case, the digital twin 22 the corresponding comparison data T2 through a data path 30 to the second electronic component 19 send.

According to a further embodiment of the system, also shown in the single figure 10 can in the predetermined comparison component 21 the first computing device 23 operating data T1a . T1b . T1c a fleet 25 a plurality of similar traffic components 11a . 11b . 11c receive. The fleet shown in the figure 25 comprises three similar traffic components 11a . 11b . 11c , The first traffic component 11a to the first computing device 23 the first operating data T1a send. In the same way, the second traffic component 11b and the third traffic component 11c the second operating data T1b and the third operating data T1c to the first computing device 23 send. The first operating data T1a , the second operating data T1b and the third operating data T1c can each wirelessly through a first data path 42 , a second data path 43 and a third data path 44 be sent. The first computing device 23 comprises a first machine learning device 26 which the operating data T1a . T1b . T1c the fleet 25 receives. The first machine learning facility 26 can run a software program which can be based on an artificial neural network (KNN) and / or a support vector machine (SVM) and / or a regression.

The first machine learning facility 26 can detect a pattern in the operational data T1a . T1b . T1c perform and the detected pattern as the corresponding comparison component T2 generate and to the second electronic component 19 through a data path 31 send.

According to a further embodiment of the system, also shown in the single figure 10 can in the traffic component 11 a second computing device 35 the operating data T1 the traffic component 11 received and a second machine learning device 36 operate. The second machine learning facility 36 can be similar to the first machine learning facility 26 operate a software program which can be based on an artificial neural network (KNN) and / or a support vector machine (SVM) and / or a regression.

The second machine learning facility 36 can a pattern recognition in the operating data T1 perform, and if at least a predetermined activity pattern that indicates an unauthorized activity is detected, an activity signal T5 generated and to the external backend device 18 or to the second electronic component 19 through a data path 37 send wirelessly. After that, the second electronic component 19 a security signal T3 to the security unit 24 send.

According to a further embodiment of the system, also shown in the single figure 10 can the activity signal T5 , which consists of the traffic component 11 or the second computing device 35 the traffic component 11 is generated to the at least the security unit 24 wirelessly through a data path 41 is sent.

The respective machine learning device or the first machine learning device 26 and / or the second machine learning device 36 each comprise at least one software program not shown in the single figure. The amount and / or type of the respective operating data can be determined by means of the software program T1 . T1a . T1b . T1c can be determined and then at least one learning algorithm can be selected from a plurality of predetermined learning algorithms and by means of the selected at least one learning algorithm the detection of the pattern and / or the pattern recognition of the operating data T1 . T1a . T1b . T1c be performed. For example, the operating data T1 . T1a . T1b . T1c be designed as a uniform resource locator (URL), "end points", "tokens", GPS file.

Furthermore, one of the plurality of predetermined learning algorithms can be based on monitored learning 38 and / or unsupervised learning 39 and / or partially supervised learning 40 be based. This enables the detection of the pattern and / or the pattern recognition of the operating data T1 . T1a . T1b . T1c which can occur in different quantities and in different ways.

Overall, the examples show how automated monitoring of a traffic component can be provided by the invention.

QUOTES INCLUDE IN THE DESCRIPTION

This list of documents listed by the applicant has been generated automatically and is only included for the better information of the reader. The list is not part of the German patent or utility model application. The DPMA assumes no liability for any errors or omissions.

Patent literature cited

• WO 2017/046805 A1 [0003]
• WO 2015/057979 A1 [0004]
• US 2018072265 A1 [0005]

Claims (9)

Method for monitoring a traffic component (11) for an unauthorized activity, characterized in that a backend device (18) external to the component receives operating data (T1) of the traffic component (11) and at least one between the received operating data (T1) and corresponding comparison data (T2) predetermined comparison components (21), on the other hand, determines a difference and, in the event that the difference fulfills a predetermined triggering criterion, sends a respective safety signal (T3) to at least one predetermined safety unit (24). Procedure according to Claim 1 , characterized in that a digital twin (22) of the traffic component (11) is operated in one of the at least one predetermined comparison component (21), the digital twin (22) simulating the traffic component (11) without unauthorized activities and the corresponding comparison data (T2) generated. Procedure according to Claim 1 or 2 , characterized in that in one of the at least one predetermined comparison component (21) at least one first computing device (23) operating data (T1a, T1b, T1c) of a fleet (25) of a plurality of traffic components (11a, similar to the traffic component (11) 11b, 11c) and operates at least one first machine learning device (26) which detects a pattern in these operating data (T1a, T1b, T1c) and generates the detected pattern as the corresponding comparison data (T2). Method according to one of the preceding claims, characterized in that in the traffic component (11) a second computing device (35) receives operating data (T1) of the traffic component (11) and operates at least one second machine learning device (36) which recognizes a pattern in the operating data ( T1), and if at least one predetermined activity pattern, which indicates the unauthorized activity, is recognized, an activity signal (T5) is generated and sent to the component-external backend device (18). Procedure according to Claim 4 , characterized in that the activity signal (T5) is additionally sent by the second computing device (35) to the at least one security unit (24). Procedure according to one of the Claims 3 to 5 , characterized in that the respective machine learning device (23, 35, 47) each comprises at least one software program by means of which the amount and / or type of the respective operating data (T1, T1a, T1b, T1c) is determined and then at least from a plurality of predetermined learning algorithms a learning algorithm is selected and the detection of the pattern and / or the pattern recognition of the operating data (T1, T1a, T1b, T1c) is carried out by means of the selected at least one learning algorithm. Procedure according to Claim 6 wherein at least one of the plurality of predetermined learning algorithms is based on monitored learning (38) and / or unsupervised learning (39) and / or partially monitored learning (40). Method according to one of the preceding claims, wherein the at least one security unit (24) comprises at least one central security station (27) and / or a police center (28) and / or a fire department (29). System (10) for monitoring a traffic component (11), the system (10) comprising a component-external backend device (18) and the traffic component (11) and wherein the system (10) is set up to carry out a method according to one of the preceding claims ,

Images