公开(公告)号：US20240086548A1

公开(公告)日：2024-03-14

申请号：US18510885

申请日：2023-11-16

Applicant: Panasonic Intellectual Property Corporation of America

Inventor： Rikiya HIRAISHI ,  Takuji HIRAMOTO ,  Tatsumi OBA

IPC: G06F21/57 ,  G05B23/02 ,  G06F21/55

CPC classification number: G06F21/577 ,  G05B23/02 ,  G06F21/552

Abstract: An anomaly detection system includes: a register value collector that collects register values of register numbers from a controller; a future state predictor that predicts a future state of the control system; a blacklist creator that creates a blacklist based on a prediction result; an anomaly determiner that determines whether the control system enters an anomalous state by checking the collected register values against the blacklist; and an outputter that outputs a determination result. The blacklist creator defines, as the blacklist: a predicted register number that is predicted, if a register value of the predicted register number is changed, to cause the control system to enter the anomalous state in the future; and a range of the register value within which the control system is predicted to enter the anomalous state, and dynamically creates the blacklist corresponding to a combination of the collected register values.

公开(公告)号：US20210226862A1

公开(公告)日：2021-07-22

申请号：US17221414

申请日：2021-04-02

Applicant: Panasonic Intellectual Property Corporation of America

Inventor： Tatsumi OBA

IPC: H04L12/26 ,  H04L12/24

Abstract: In an abnormality detection method, for a detection target packet stream made up of a plurality of detection target packets that are consecutive, a plurality of distances between the plurality of detection target packets are calculated, a feature amount of the detection target packet stream is extracted using the plurality of distances calculated, and information about the degree of abnormality in the detection target packet stream is calculated using the extracted feature amount.

公开(公告)号：US20190190938A1

公开(公告)日：2019-06-20

申请号：US16218975

申请日：2018-12-13

Applicant: Panasonic Intellectual Property Corporation of America

Inventor： Tatsumi OBA ,  Iku OHAMA

IPC: H04L29/06 ,  H04L12/26 ,  H04L12/24

Abstract: An anomaly detection method includes: extracting, for each of a plurality of learning packets obtained, all possible combinations of N-grams in the payload included in the learning packet; counting a first number which is the number of occurrences of each combination in the payloads of the learning packets; calculating, as anomaly detection models, first probabilities by performing smoothing processing based on a plurality of the first numbers; and when the score calculated for each of a plurality of packets exceeds a predetermined threshold that is based on the anomaly detection models stored in a memory, outputting information indicating that the packet having the score has an anomaly.