Method for protection from cyber attacks to a vehicle based upon time analysis, and corresponding device

A method for protection from cyber attacks in a vehicle communication network including the steps of executing a protection and monitoring procedure comprising: a learning step that includes: acquiring sets ({right arrow over (V)}IDk) of values of times of arrival (TSIDk) of messages (MSG) exchanged on the network, ordered according to a respective message identifier (IDk), computing one or more statistical parameters (μIDk, sIDk2) of the sets of arrival-time values (TSIDk), and subsequently obtaining statistical parameters ({right arrow over (ω)}IDk) of confidence windows for one or more statistical parameters (μIDk, sIDk2) of the sets of arrival-time values (TS′IDk); and a subsequent classification and anomaly-detection step that includes: acquiring sets ({right arrow over (u)}IDk) of values of times of arrival (TS′IDk) at the device of messages (MSG′), computing corresponding one or more statistical parameters (μ′IDk,s′IDk2) of the sets of arrival-time values (TS′IDk) to obtain votes (V,W) of membership of the statistical parameters (μ′IDk, s′IDk2) of the sets of arrival-time values (TS′IDk) in confidence windows of the sets of arrival-time values (TS′IDk), and evaluating issuing of malicious-message alarms (AL) on the basis of the membership votes (V, W).