公开(公告)号：US20160149944A1

公开(公告)日：2016-05-26

申请号：US14945692

申请日：2015-11-19

Applicant: ABB Technology AG

Inventor： Sebastian Obermeier ,  Roman Schlegel ,  Michael Wahler

IPC: H04L29/06 ,  G06F17/30 ,  G06F9/54

CPC classification number: H04L63/1425 ,  G05B2219/23317 ,  G06F9/542 ,  G06F17/30345 ,  G06F21/554 ,  H04L41/145 ,  H04L63/1416

Abstract: A method and system for automatic signalling an alert when a possible intrusion occurs in an industrial automation and control system, based on security events which occur in the industrial automation and control system or are externally fed into the system. The method includes the steps of: (a) determining a correlation of a first and second security event and storing the correlation in an event database, wherein the correlation includes a probability that the first security event is followed by the second security event within a normalised time period, (b) identifying a candidate event as the first security event, based on event information of the candidate event, upon occurrence of the candidate event, (c) classifying the candidate event as anomalous when the probability exceeds a predetermined threshold and no second security event follows the candidate event within the normalised time period, and (d) signalling the alert indicating the candidate event.

Abstract translation: 基于工业自动化和控制系统中发生的安全事件或外部馈入系统的工业自动化和控制系统中发生可能的入侵时，自动发出警报的方法和系统。 该方法包括以下步骤：（a）确定第一和第二安全事件的相关性并将相关性存储在事件数据库中，其中所述相关性包括第一安全事件遵循归一化后的第二安全事件的概率 （b）当候选事件发生时，基于候选事件的事件信息来识别作为第一安全事件的候选事件，（c）当概率超过预定阈值且将候选事件分类为异常时，将候选事件分类为第 第二安全事件遵循归一化时间段内的候选事件，并且（d）发信号通知表示候选事件的警报。

公开(公告)号：US20160085642A1

公开(公告)日：2016-03-24

申请号：US14959392

申请日：2015-12-04

Applicant: ABB Technology AG

Inventor： Ettore Ferranti ,  Manuel Oriol ,  Michael Wahler ,  Thijmen de Gooijer ,  Thomas Gamer

IPC: G06F11/20 ,  G06F11/16

CPC classification number: G06F11/203 ,  G05B23/0208 ,  G06F11/1658 ,  G06F2201/805

Abstract: A combination of a component-based automation framework, software-based redundancy patterns, and a distributed, reliable runtime manager, is able to detect host failures and to trigger a reconfiguration of the system at runtime. This combined solution maintains system operation in case a fault occurs and, in addition, automatically restores fault tolerance by using backup contingency plans, and without the need for operator intervention or immediate hardware replacement. A fault-tolerant fault tolerance mechanism is thus provided, which restores the original level of fault tolerance after a failure has occurred—automatically and immediately, i.e., without having to wait for a repair or replacement of the faulty entity. In short, the invention delivers increased availability or uptime of a system at reduced costs and complexity for an operator or engineer by adapting automatically to a new environment.

Abstract translation: 基于组件的自动化框架，基于软件的冗余模式和分布式可靠的运行时管理器的组合能够检测主机故障并在运行时触发系统的重新配置。 这种组合的解决方案在发生故障的情况下维护系统运行，并且通过使用备份应急计划自动恢复容错，并且不需要操作员干预或立即进行硬件更换。 因此，提供容错故障容忍机制，其自动且立即地恢复故障发生后的原始容错水平，即不必等待故障实体的修复或更换。 简而言之，本发明通过自动适应新的环境来为运营商或工程师降低成本和复杂性而提供系统的可用性或正常运行时间。