公开(公告)号：US20180191758A1

公开(公告)日：2018-07-05

申请号：US15397062

申请日：2017-01-03

Applicant: General Electric Company

Inventor： Masoud ABBASZADEH ,  Cody Joe BUSHEY ,  Lalit Keshav MESTHA ,  Daniel Francis HOLZHAUER

IPC: H04L29/06 ,  G06N99/00

Abstract: According to some embodiments, a threat detection model creation computer may receive a series of monitoring node values (representing normal and/or threatened operation of the industrial asset control system) and generate a set of normal feature vectors. The threat detection model creation computer may identify a first cluster and a second cluster in the set of feature vectors. The threat detection model creation computer may then automatically determine a plurality of cluster-based decision boundaries for a threat detection model. For example, a first potential cluster-based decision boundary for the threat detection model may be automatically calculated based on the first cluster in the set of feature vectors. Similarly, the threat detection model creation computer may also automatically calculate a second potential cluster-based decision boundary for the threat detection model based on the second cluster in the set of feature vectors.

公开(公告)号：US20180157838A1

公开(公告)日：2018-06-07

申请号：US15371905

申请日：2016-12-07

Applicant: General Electric Company

Inventor： Cody Joe BUSHEY ,  Lalit Keshav MESTHA ,  Justin Varkey JOHN ,  Daniel Francis HOLZHAUER

IPC: G06F21/57 ,  H04L29/06 ,  G06N99/00

CPC classification number: G06F21/57 ,  G06F21/552 ,  G06N99/005 ,  H04L63/1416 ,  H04L63/145 ,  H04L63/1483

Abstract: According to some embodiments, a threat detection model creation computer may receive a series of normal monitoring node values (representing normal operation of the industrial asset control system) and generate a set of normal feature vectors. The threat detection model creation computer may also receive a series of threatened monitoring node values (representing a threatened operation of the industrial asset control system) and generate a set of threatened feature vectors. At least one potential decision boundary for a threat detection model may be calculated based on the set of normal feature vectors, the set of threatened feature vectors, and an initial algorithm parameter. A performance of the at least one potential decision boundary may be evaluated based on a performance metric. The initial algorithm parameter may then be tuned based on a result of the evaluation, and the at least one potential decision boundary may be re-calculated.