-
Publication No.: US20230297057A1
Publication date: 2023-09-21
Application No.: US17939470
Filing date: 2022-09-07
Applicant: AO Kaspersky Lab
Inventors: Andrey B. Lavrentyev, Artem M. Vorontsov, Dmitry A. Ivanov, Vyacheslav I. Shkulev, Nikolay N. Demidov, Artyom M. Nechiporuk, Maxim A. Mamaev, Alexander V. Travov
IPC classification: G05B19/048
CPC classification: G05B19/048, G05B2219/24024
Abstract: A method for determination of anomalies in a cyber-physical system (CPS) includes generating one or more diagnostic rules configured to calculate at least one auxiliary CPS variable. One or more values of the at least one auxiliary CPS variable are calculated for a predefined output interval of time based on collected values of a group of primary CPS variables for a predefined input interval of time based on the generated diagnostic rule. An anomaly is determined based on the collected values of the group of primary CPS variables and the one or more calculated values of the at least one auxiliary CPS variable.
-
2.
Publication No.: US11494252B2
Publication date: 2022-11-08
Application No.: US16450195
Filing date: 2019-06-24
Applicant: AO KASPERSKY LAB
Inventors: Andrey B. Lavrentyev, Artem M. Vorontsov, Pavel V. Filonov, Dmitry K. Shalyga, Vyacheslav I. Shkulev, Nikolay N. Demidov, Dmitry A. Ivanov
Abstract: Systems and methods for determining a source of anomaly in a cyber-physical system (CPS). A forecasting tool can obtain a plurality of CPS feature values during an input window and forecast the plurality of CPS feature values for a forecast window. An anomaly identification tool can determine a total forecast error for the plurality of CPS features in the forecast window, identify an anomaly in the cyber-physical system when the total forecast error exceeds a total error threshold, and identify at least one CPS feature as the source of the anomaly.
-
Publication No.: US11175976B2
Publication date: 2021-11-16
Application No.: US16456463
Filing date: 2019-06-28
Applicant: AO Kaspersky Lab
Inventors: Andrey B. Lavrentyev, Artem M. Vorontsov, Pavel V. Filonov, Dmitry K. Shalyga, Vyacheslav I. Shkulev, Nikolay N. Demidov, Dmitry A. Ivanov
IPC classification: G06F11/00, G06F11/07, G06N3/08, G06F16/901
Abstract: The present disclosure provides systems and methods of early determination of anomalies using a graphical user interface. In one aspect such a method comprises: receiving information about one or more features of a cyber-physical system, receiving information about a period of time for monitoring the one or more features, generating a forecast of values of the one or more features of the cyber-physical system over the period of time based on a forecasting model for graphing in a graphical user interface, determining a total error of the forecast for all of the one or more features and determining an error for each of the one or more features over the period of time, determining that the error for one feature of the one or more features is greater than a predetermined threshold and identifying the one feature as a source of an anomaly in the cyber-physical system.
-
Publication No.: US10469527B2
Publication date: 2019-11-05
Application No.: US15255773
Filing date: 2016-09-02
Applicant: AO Kaspersky Lab
Abstract: Disclosed are systems and methods for protection of a technological system (TS) from cyber attacks. An exemplary method comprises: obtaining a real state of the TS; initializing a cybernetic control system (CCS) by synchronizing the CCS with the TS; comparing, by the CCS, the real state of the TS with an ideal state of the TS; based on the comparison, identifying a deviation of the real state of the TS from the ideal state of the TS; when the deviation is identified, checking an integrity of at least functional interconnections of the states of one or more elements of the TS; determining whether the ideal state of the TS is a modeling error based on one or more confirmed sustained functional interconnections between elements of the TS; and identifying anomalies in the TS based on one or more disturbed functional interconnections between elements of the TS.
-
5.
Publication No.: US20200210264A1
Publication date: 2020-07-02
Application No.: US16456463
Filing date: 2019-06-28
Applicant: AO Kaspersky Lab
Inventors: Andrey B. Lavrentyev, Artem M. Vorontsov, Pavel V. Filonov, Dmitry K. Shalyga, Vyacheslav I. Shkulev, Nikolay N. Demidov, Dmitry A. Ivanov
IPC classification: G06F11/07, G06F16/901, G06N3/08
Abstract: The present disclosure provides systems and methods of early determination of anomalies using a graphical user interface. In one aspect such a method comprises: receiving information about one or more features of a cyber-physical system, receiving information about a period of time for monitoring the one or more features, generating a forecast of values of the one or more features of the cyber-physical system over the period of time based on a forecasting model for graphing in a graphical user interface, determining a total error of the forecast for all of the one or more features and determining an error for each of the one or more features over the period of time, determining that the error for one feature of the one or more features is greater than a predetermined threshold and identifying the one feature as a source of an anomaly in the cyber-physical system.
-
6.
Publication No.: US20200210263A1
Publication date: 2020-07-02
Application No.: US16450195
Filing date: 2019-06-24
Applicant: AO KASPERSKY LAB
Inventors: Andrey B. Lavrentyev, Artem M. Vorontsov, Pavel V. Filonov, Dmitry K. Shalyga, Vyacheslav I. Shkulev, Nikolay N. Demidov, Dmitry A. Ivanov
Abstract: Systems and methods for determining a source of anomaly in a cyber-physical system (CPS). A forecasting tool can obtain a plurality of CPS feature values during an input window and forecast the plurality of CPS feature values for a forecast window. An anomaly identification tool can determine a total forecast error for the plurality of CPS features in the forecast window, identify an anomaly in the cyber-physical system when the total forecast error exceeds a total error threshold, and identify at least one CPS feature as the source of the anomaly.
-
Publication No.: US20240333742A1
Publication date: 2024-10-03
Application No.: US18618334
Filing date: 2024-03-27
Applicant: AO Kaspersky Lab
IPC classification: H04L9/40
CPC classification: H04L63/1425
Abstract: Disclosed herein are systems and methods for detection of anomalies in a cyber-physical system in real-time. In one aspect, an exemplary method comprises: obtaining, in real-time, randomly distributed stream of observations of CPS parameters; converting an observation of the CPS parameter to a uniform temporal grid (UTG); when at least a criterion for unloading at least one UTG node of the converted observations is satisfied, unloading the UTG nodes corresponding to the satisfied criterion; for each unloaded UTG node, calculating a value of each output CPS parameter of a set of output CPS parameters; and detecting an anomaly in the CPS based on the values of the output CPS parameters.
-
8.
Publication No.: US20240070444A1
Publication date: 2024-02-29
Application No.: US18361976
Filing date: 2023-07-31
Applicant: AO Kaspersky Lab
Inventors: Andrey B. Lavrentyev, Dmitry A. Ivanov, Vyacheslav I. Shkulev, Nikolay N. Demidov, Maxim A. Mamaev, Alexander V. Travov
Abstract: Disclosed herein are systems for identifying the structure of patterns and anomalies in flow of events from the cyber-physical system or information system. In one aspect, an exemplary method comprises, using at least one connector, getting event data, generating at least one episode consisting of a sequence of events, and transferring the generated episodes to an event processor; and using the event processor, process episodes using a neurosemantic network, wherein the processing includes recognizing events and patterns previously learned by the neurosemantic network, training the neurosemantic network, identifying a structure of patterns by mapping to the patterns of neurons on a hierarchy of layers of the neurosemantic network, attributing events and patterns corresponding to neurons of the neurosemantic network to an anomaly depending on a number of activations of the corresponding neuron, and storing the state of the neurosemantic network.