公开(公告)号：US20210081270A1

公开(公告)日：2021-03-18

申请号：US16574493

申请日：2019-09-18

Applicant: GENERAL ELECTRIC COMPANY

Inventor： Masoud ABBASZADEH ,  Mustafa Tekin DOKUCU ,  Justin Varkey JOHN

IPC: G06F11/07 ,  H04L29/06 ,  G06N20/00 ,  G06K9/62 ,  G06F17/18

Abstract: An industrial asset may have a plurality of monitoring nodes, each monitoring node generating a series of monitoring node values over time representing current operation of the industrial asset. An abnormality detection computer may determine that an abnormal monitoring node is currently being attacked or experiencing a fault. An autonomous, resilient estimator may continuously execute an adaptive learning process to create or update virtual sensor models for that monitoring node. Responsive to an indication that a monitoring node is currently being attacked or experiencing a fault, a level of neutralization may be automatically determined. The autonomous, resilient estimator may then be dynamically reconfigured to estimate a series of virtual node values based on information from normal monitoring nodes, appropriate virtual sensor models, and the determined level of neutralization. The series of monitoring node values from the abnormal monitoring node or nodes may then be replaced with the virtual node values.

公开(公告)号：US20200169574A1

公开(公告)日：2020-05-28

申请号：US16201461

申请日：2018-11-27

Applicant: General Electric Company

Inventor： Weizhong YAN ,  Masoud ABBASZADEH ,  Matthew NIELSEN ,  Justin Varkey JOHN

IPC: H04L29/06

Abstract: Systems and methods may be associated with a cyber-physical system, and a blueprint repository data store may contain electronic files that represent behavior-based asset monitoring parameters for different cyber-physical system asset types. A behavior-based asset monitoring creation computer platform may receive an indication of an asset type of the cyber-physical system. The behavior-based asset monitoring creation computer platform may then search the blueprint repository data store and retrieve an electronic file representing behavior-based asset monitoring parameters for the asset type of the cyber-physical system to be monitored. The behavior-based asset monitoring creation computer platform may also receive, from the remote operator device, adjustments to the retrieved behavior-based asset monitoring parameters and automatically configure, based on the adjusted behavior-based asset monitoring parameters, at least a portion of settings for an abnormal detection model. The abnormal detection model may then be created about output to be executed by an abnormal detection platform.

公开(公告)号：US20190230099A1

公开(公告)日：2019-07-25

申请号：US15977558

申请日：2018-05-11

Applicant: General Electric Company

Inventor： Lalit Keshav MESTHA ,  Masoud ABBASZADEH ,  Annarita GIANI

IPC: H04L29/06 ,  G06N7/00

Abstract: Streams of monitoring node signal values over time, representing a current operation of the industrial asset, are used to generate current monitoring node feature vectors. Each feature vector is compared with a corresponding decision boundary separating normal from abnormal states. When a first monitoring node passes a corresponding decision boundary, an attack is detected and classified as an independent attack. When a second monitoring node passes a decision boundary, an attack is detected and a first decision is generated based on a first set of inputs indicating if the attack is independent/dependent. From the beginning of the attack on the second monitoring node until a final time, the first decision is updated as new signal values are received for the second monitoring node. When the final time is reached, a second decision is generated based on a second set of inputs indicating if the attack is independent/dependent.

公开(公告)号：US20190222596A1

公开(公告)日：2019-07-18

申请号：US15964644

申请日：2018-04-27

Applicant: General Electric Company

Inventor： Masoud ABBASZADEH ,  Lalit Keshav MESTHA

IPC: H04L29/06

CPC classification number: H04L63/1425 ,  G06F21/55

Abstract: In some embodiments, a plurality of monitoring nodes each generate a series of current monitoring node values over time that represent a current operation of the industrial asset. An attack detection computer platform may receive the series of current monitoring node values and generate a set of current feature vectors including a current feature for capturing transients (e.g., local transients and/or global transients). The attack detection computer platform may also access an attack detection model having at least one decision boundary that was created using at least one of a set of normal feature vectors and/or a set of attacked feature vectors. The attack detection model may then be executed such that an attack alert signal is transmitted by the attack detection computer platform, when appropriate, based on the set of current feature vectors (including the current feature to capture transients) and the at least one decision boundary.

公开(公告)号：US20180260561A1

公开(公告)日：2018-09-13

申请号：US15453544

申请日：2017-03-08

Applicant: General Electric Company

Inventor： Lalit Keshav MESTHA ,  Santosh Sambamoorthy VEDA ,  Masoud ABBASZADEH ,  Chaitanya Ashok BAONE ,  Weizhong YAN ,  Saikat RAY MAJUMDER ,  Sumit BOSE ,  Annartia GIANI ,  Olugbenga ANUBI

IPC: G06F21/55

CPC classification number: G06F21/554 ,  G05B23/0275 ,  G06F2221/034 ,  Y04S10/522

Abstract: According to some embodiments, a plurality of heterogeneous data source nodes may each generate a series of current data source node values over time that represent a current operation of an electric power grid. A real-time threat detection computer, coupled to the plurality of heterogeneous data source nodes, may receive the series of current data source node values and generate a set of current feature vectors. The threat detection computer may then access an abnormal state detection model having at least one decision boundary created offline using at least one of normal and abnormal feature vectors. The abnormal state detection model may be executed, and a threat alert signal may be transmitted if appropriate based on the set of current feature vectors and the at least one decision boundary.

公开(公告)号：US20180157771A1

公开(公告)日：2018-06-07

申请号：US15491243

申请日：2017-04-19

Applicant: General Electric Company

Inventor： Lalit Keshav MESTHA ,  Masoud ABBASZADEH ,  Cody BUSHEY

IPC: G06F17/50

CPC classification number: G06F17/5009 ,  G06F17/5086 ,  G06F2217/16

Abstract: An augmented system model may include a system high fidelity model that generates a first output. The augmented system model may further include a data driven model to receive data associated with the first output and to generate a second output, and a feature space version of the second output may be output from the augmented system model. Monitoring nodes may each generate a series of current monitoring node values over time representing current operation of an industrial asset. A model adaptation element may receive the current monitoring node values, calculate a feature space version of current operation, and compare the feature space version of the second output of the augmented system model with the feature space version of current operation. Parameters of the data driven model may then be adapted based on a result of the comparison.