USING VIRTUAL SENSORS TO ACCOMMODATE INDUSTRIAL ASSET CONTROL SYSTEMS DURING CYBER ATTACKS

    Publication No.: US20190068618A1

    Publication Date: 2019-02-28

    Application No.: US15683250

    Application Date: 2017-08-22

    Abstract: In some embodiments, an industrial asset may be associated with a plurality of monitoring nodes, each monitoring node generating a series of monitoring node values over time that represent operation of the industrial asset. A threat detection computer may determine that an attacked monitoring node is currently being attacked. Responsive to this determination, a virtual sensor coupled to the plurality of monitoring nodes may estimate a series of virtual node values for the attacked monitoring node(s) based on information received from monitoring nodes that are not currently being attacked. The virtual sensor may then replace the series of monitoring node values from the attacked monitoring node(s) with the virtual node values. Note that in some embodiments, virtual node values may be estimated for a particular node even before it is determined that the node is currently being attacked.

    MULTI-CLASS DECISION SYSTEM FOR CATEGORIZING INDUSTRIAL ASSET ATTACK AND FAULT TYPES

    Publication No.: US20190058715A1

    Publication Date: 2019-02-21

    Application No.: US15681827

    Application Date: 2017-08-21

    Abstract: According to some embodiments, a plurality of monitoring nodes may each generate a series of current monitoring node values over time that represent a current operation of the industrial asset. A node classifier computer, coupled to the plurality of monitoring nodes, may receive the series of current monitoring node values and generate a set of current feature vectors. The node classifier computer may also access at least one multi-class classifier model having at least one decision boundary. The at least one multi-class classifier model may be executed and the system may transmit a classification result based on the set of current feature vectors and the at least one decision boundary. The classification result may indicate, for example, whether a monitoring node status is normal, attacked, or faulty.

    ANOMALY FORECASTING AND EARLY WARNING GENERATION

    Publication No.: US20180330083A1

    Publication Date: 2018-11-15

    Application No.: US15594779

    Application Date: 2017-05-15

    CPC classification number: G06F21/552 G06N5/04

    Abstract: The example embodiments are directed to a system and method for forecasting anomalies in feature detection. In one example, the method includes storing feature behavior information of at least one monitoring node of an asset, including a normalcy boundary identifying normal feature behavior and abnormal feature behavior for the at least one monitoring node in feature space, receiving input signals from the at least one monitoring node of the asset and transforming the input signals into feature values in the feature space, wherein the feature values are located within the normalcy boundary, forecasting that a future feature value corresponding to a future input signal from the at least one monitoring node is going to be positioned outside the normalcy boundary based on the feature values within the normalcy boundary, and outputting information concerning the forecasted future feature value being outside the normalcy boundary for display.

    DYNAMIC NORMALIZATION OF MONITORING NODE DATA FOR THREAT DETECTION IN INDUSTRIAL ASSET CONTROL SYSTEM

    Publication No.: US20180137277A1

    Publication Date: 2018-05-17

    Application No.: US15351809

    Application Date: 2016-11-15

    Abstract: Operation of an industrial asset control system may be simulated or monitored under various operating conditions to generate a set of operating results. Subsets of the operating results may be used to calculate a normalization function for each of a plurality of operating conditions. Streams of monitoring node signal values over time may be received that represent a current operation of the industrial asset control system. A threat detection platform may then dynamically calculate normalized monitoring node signal values based at least in part on a normalization function in the operating mode database. For each stream of normalized monitoring node signal values, a current monitoring node feature vector may be generated and compared with a corresponding decision boundary for that monitoring node, the decision boundary separating normal and abnormal states for that monitoring node. A threat alert signal may then be automatically transmitted based on results of said comparisons.

    THREAT DETECTION AND LOCALIZATION FOR MONITORING NODES OF AN INDUSTRIAL ASSET CONTROL SYSTEM

    Publication No.: US20170359366A1

    Publication Date: 2017-12-14

    Application No.: US15179034

    Application Date: 2016-06-10

    Abstract: In some embodiments, a plurality of real-time monitoring node signal inputs receive streams of monitoring node signal values over time that represent a current operation of the industrial asset control system. A threat detection computer platform, coupled to the plurality of real-time monitoring node signal inputs, may receive the streams of monitoring node signal values and, for each stream of monitoring node signal values, generate a current monitoring node feature vector. The threat detection computer platform may then compare each generated current monitoring node feature vector with a corresponding decision boundary for that monitoring node, the decision boundary separating a normal state from an abnormal state for that monitoring node, and localize an origin of a threat to a particular monitoring node. The threat detection computer platform may then automatically transmit a threat alert signal based on results of said comparisons along with an indication of the particular monitoring node.

    USING VIRTUAL SENSORS TO ACCOMMODATE INDUSTRIAL ASSET CONTROL SYSTEMS DURING CYBER ATTACKS

    Publication No.: US20200076838A1

    Publication Date: 2020-03-05

    Application No.: US16679749

    Application Date: 2019-11-11

    Abstract: In some embodiments, an industrial asset may be associated with a plurality of monitoring nodes, each monitoring node generating a series of monitoring node values over time that represent operation of the industrial asset. A threat detection computer may determine that an attacked monitoring node is currently being attacked. Responsive to this determination, a virtual sensor coupled to the plurality of monitoring nodes may estimate a series of virtual node values for the attacked monitoring node(s) based on information received from monitoring nodes that are not currently being attacked. The virtual sensor may then replace the series of monitoring node values from the attacked monitoring node(s) with the virtual node values. Note that in some embodiments, virtual node values may be estimated for a particular node even before it is determined that the node is currently being attacked.

    MULTI-MODE BOUNDARY SELECTION FOR THREAT DETECTION IN INDUSTRIAL ASSET CONTROL SYSTEM

    Publication No.: US20190342318A1

    Publication Date: 2019-11-07

    Application No.: US16511463

    Application Date: 2019-07-15

    Abstract: According to some embodiments, streams of monitoring node signal values may be received over time that represent a current operation of an industrial asset control system. A current operating mode of the industrial asset control system may be received and used to determine a current operating mode group from a set of potential operating mode groups. For each stream of monitoring node signal values, a current monitoring node feature vector may be determined. Based on the current operating mode group, an appropriate decision boundary may be selected for each monitoring node, the appropriate decision boundary separating a normal state from an abnormal state for that monitoring node in the current operating mode. Each generated current monitoring node feature vector may be compared with the selected corresponding appropriate decision boundary, and a threat alert signal may be automatically transmitted based on results of said comparisons.

    FEATURE EXTRACTIONS TO MODEL LARGE-SCALE COMPLEX CONTROL SYSTEMS

    Publication No.: US20190219994A1

    Publication Date: 2019-07-18

    Application No.: US15984896

    Application Date: 2018-05-21

    CPC classification number: G05B23/0254 G05B13/027

    Abstract: Heterogeneous monitoring nodes may each generate a series of monitoring node values over time associated with operation of an industrial asset. An offline abnormal state detection model creation computer may receive the series of monitoring node values and perform a feature extraction process using a multi-modal, multi-disciplinary framework to generate an initial set of feature vectors. The model creation computer may then perform feature dimensionality reduction to generate a selected feature vector subset. The model creation computer may derive digital models through a data-driven machine learning modeling method, based on input/output variables identified by domain experts or by learning from the data. The system may then automatically generate domain level features based on a difference between sensor measurements and digital model output. A decision boundary may then be automatically calculated and output for an abnormal state detection model based on the selected feature vector subset and the plurality of derived generated domain level features.

    DATA-DRIVEN MODEL CONSTRUCTION FOR INDUSTRIAL ASSET DECISION BOUNDARY CLASSIFICATION

    Publication No.: US20190056722A1

    Publication Date: 2019-02-21

    Application No.: US15681974

    Application Date: 2017-08-21

    Abstract: In some embodiments, a system model construction platform may receive, from a system node data store, system node data associated with an industrial asset. The system model construction platform may automatically construct a data-driven, dynamic system model for the industrial asset based on the received system node data. A synthetic attack platform may then inject at least one synthetic attack into the data-driven, dynamic system model to create, for each of a plurality of monitoring nodes, a series of synthetic attack monitoring node values over time that represent simulated attacked operation of the industrial asset. The synthetic attack platform may store, in a synthetic attack space data source, the series of synthetic attack monitoring node values over time that represent simulated attacked operation of the industrial asset. This information may then be used, for example, along with normal operational data to construct a threat detection model for the industrial asset.

    CYBER-ATTACK DETECTION AND NEUTRALIZATION
    Invention application

    Publication No.: US20180255091A1

    Publication Date: 2018-09-06

    Application No.: US15454144

    Application Date: 2017-03-09

    Abstract: The example embodiments are directed to a system and method for neutralizing abnormal signals in a cyber-physical system. In one example, the method includes receiving input signals comprising time series data associated with an asset and transforming the input signals into feature values in a feature space, detecting one or more abnormal feature values in the feature space based on a predetermined normalcy boundary associated with the asset, and determining an estimated true value for each abnormal feature value, and performing an inverse transform of each estimated true value to generate neutralized signals comprising time series data and outputting the neutralized signals.
