Anomaly Detection and Cyber Resilience

Host-based Intrusion Detection and Response for Automotive ECUs and IoT Devices

Host-Based Software Anomaly Detection Technology

AnCyR is a patent-pending technology that is the first host-based anomaly detection optimized for automotive ECU and IoT device intrusion detection (IDS) cybersecurity. AnCyR is based on five years of research at the University of Arizona with support from the National Science Foundation. AnCyR’s anomaly detection technology combines statistical, probabilistic, and machine learning algorithms to accurately detect attacks with best-in-class false positives, latency, and overhead.


AnCyR can be Broadly Deployed


  • Runs on ECU/IoT Device for rapid detection
  • No dependencies with other ECUs or IoT Devices
  • Does not require cloud-based analysis

Accurate Detection including Zero-Day Attacks

  • Detects changes in software operation caused by zero-day attacks
  • Attacks detected including buffer overflows, code injection, ROP, and more


  • AnCyR can be compiled to any processor platform
  • Scalable from microcontrollers to multicore processors
  • Cloud and Vehicle Security Operations Center (VSOC) agnostic

Low Latency and Overhead

  • Detects attacks in real-time (within milliseconds)
  • Optimized for ECUs and IoT processors
  • Low memory and performance overhead

Best-In-Class Detection Accuracy

AnCyR monitors software subcomponents using a synergistic combination of statistical, probabilistic, and machine learning algorithms to achieve high attack detection with best-in-class false positives.

Cybersecurity Runtime Awareness Recommended by UNECE R155

UNECE WP.29 R155 regulation for cybersecurity in vehicles recommends runtime awareness to detect cyberattacks and intrusions

Strengthen your ISO/SAE 21434 cybersecurity management system with runtime cybersecurity monitoring

Intrusion Detection Support FDA Cybersecurity Guidance

Detect, Respond, Recover: FDA 2014 Guidance Recommends Medical Devices Implement features that allow for security compromises to be detectedrecognized, logged, timed, and acted upon during normal use. 

Identify, characterize, and access:  2016 FDA Post Market Management of Cybersecurity in Medical Devices recommends companies implement a risk management program that includes methods to identifycharacterize, and access cybersecurity vulnerabilities.

Contact us for a demonstration of AnCyR.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.