-
Publication No.: US20220141237A1
Publication date: 2022-05-05
Application No.: US17090275
Filing date: 2020-11-05
Abstract: A method of detecting abnormal or malicious activity in a point-to-point or packet-switched data communication network includes tapping a link in the network to obtain a data stream transmitted from a node of the network in parallel with transmission of the data stream through the network. The tap is non-invasive because it does not interfere with the normal traversal of the data stream across the network. This is useful for certain applications, such as mission-critical systems, where it is desirable to monitor the network and inspect the data without adversely impacting or otherwise interfering with the normal operation of the system. The method further includes decoding a communication protocol encoded in the data stream to obtain payload data from the data stream, analyzing the payload data to detect abnormal or malicious activity, and notifying a host of the network of the detected abnormal or malicious activity in the payload data.
-
Publication No.: US20180367553A1
Publication date: 2018-12-20
Application No.: US15624444
Filing date: 2017-06-15
Inventors: Patrick M. Hayden, Jeong-O. Jeong, Vu T. Le, Christopher C. Rappa, Sumit Ray, Katherine D. Sobolewski, David K. Woolrich, Jr.
Abstract: Techniques are provided for cyber warning. One technique includes a cyber warning receiver (CWR). The CWR includes a bus sensing circuit to sense traffic on a communications bus over time, an anomaly detecting circuit to detect anomalous behavior in the sensed bus traffic, a data fusing circuit to fuse the detected anomalous behavior into groups having similar characteristics, a decision making circuit to decide if the fused anomalous behavior is normal or abnormal, and a behavior logging circuit to log the detected anomalous behavior on an electronic storage device. In one embodiment, the CWR further includes a behavior alerting circuit to alert an operator to the fused anomalous behavior identified as abnormal. In one embodiment, the communications bus is an embedded communications bus, such as a MIL-STD-1553 bus, and the CWR is a standalone device configured to connect to the MIL-STD-1553 bus as a bus monitor.
-
Publication No.: US10728265B2
Publication date: 2020-07-28
Application No.: US15624444
Filing date: 2017-06-15
Inventors: Patrick M. Hayden, Jeong-O. Jeong, Vu T. Le, Christopher C. Rappa, Sumit Ray, Katherine D. Sobolewski, David K. Woolrich, Jr.
Abstract: Techniques are provided for cyber warning. One technique includes a cyber warning receiver (CWR). The CWR includes a bus sensing circuit to sense traffic on a communications bus over time, an anomaly detecting circuit to detect anomalous behavior in the sensed bus traffic, a data fusing circuit to fuse the detected anomalous behavior into groups having similar characteristics, a decision making circuit to decide if the fused anomalous behavior is normal or abnormal, and a behavior logging circuit to log the detected anomalous behavior on an electronic storage device. In one embodiment, the CWR further includes a behavior alerting circuit to alert an operator to the fused anomalous behavior identified as abnormal. In one embodiment, the communications bus is an embedded communications bus, such as a MIL-STD-1553 bus, and the CWR is a standalone device configured to connect to the MIL-STD-1553 bus as a bus monitor.