公开(公告)号：US20210037044A1

公开(公告)日：2021-02-04

申请号：US16525807

申请日：2019-07-30

Applicant: GENERAL ELECTRIC COMPANY

Inventor： Hema K, Achanta ,  Masoud ABBASZADEH ,  Weizhong YAN ,  Mustafa Tekin DOKUCU

IPC: H04L29/06 ,  H04L12/24 ,  G06K9/62 ,  G06N3/08

Abstract: According to some embodiments, a system, method and non-transitory computer-readable medium are provided to protect a cyber-physical system having a plurality of monitoring nodes comprising: a normal space data source storing, for each of the plurality of monitoring nodes, a series of normal monitoring node values over time that represent normal operation of the cyber-physical system; a situational awareness module including an abnormal data generation platform, wherein the abnormal data generation platform is operative to generate abnormal data to represent abnormal operation of the cyber-physical system using values in the normal space data source and a generative model; a memory for storing program instructions; and a situational awareness processor, coupled to the memory, and in communication with the situational awareness module and operative to execute the program instructions to: receive a data signal, wherein the received data signal is an aggregation of data signals received from one or more of the plurality of monitoring nodes, wherein the data signal includes at least one real-time stream of data source signal values that represent a current operation of the cyber-physical system; determine, via a trained classifier, whether the received data signal is a normal signal or an abnormal signal, wherein the trained classifier is trained with the generated abnormal data and normal data; localize an origin of an anomaly when it is determined the received data signal is the abnormal signal; receive the determination and localization at a resilient estimator module; execute the resilient estimator module to generate a state estimation for the cyber-physical system. Numerous other aspects are provided.

公开(公告)号：US20180262525A1

公开(公告)日：2018-09-13

申请号：US15454219

申请日：2017-03-09

Applicant: General Electric Company

Inventor： Weizhong YAN ,  Masoud ABBASZADEH ,  Lalit Keshav MESTHA

IPC: H04L29/06 ,  G05B13/04 ,  G05B13/02

CPC classification number: H04L63/1441 ,  G05B13/0265 ,  G05B13/041 ,  G06N20/00 ,  H04L63/1425 ,  Y04S40/24

Abstract: According to some embodiments, a plurality of heterogeneous data source nodes may each generate a series of data source node values over time associated with operation of an electric power grid control system. An offline abnormal state detection model creation computer may receive the series of data source node values and perform a feature extraction process to generate an initial set of feature vectors. The model creation computer may then perform feature selection with a multi-model, multi-disciplinary framework to generate a selected feature vector subset. According to some embodiments, feature dimensionality reduction may also be performed to generate the selected feature subset. At least one decision boundary may be automatically calculated and output for an abnormal state detection model based on the selected feature vector subset.

公开(公告)号：US20180159879A1

公开(公告)日：2018-06-07

申请号：US15484282

申请日：2017-04-11

Applicant: General Electric Company

Inventor： Lalit Keshav MESTHA ,  Justin Varkey JOHN ,  Weizhong YAN ,  David Joseph HARTMAN

IPC: H04L29/06 ,  G06N99/00 ,  G06F17/16 ,  G06N3/04

CPC classification number: H04L63/1425 ,  G06N3/0454 ,  G06N3/084 ,  G06N7/005 ,  G06N20/00 ,  G06N20/10

Abstract: A threat detection model creation computer receives normal monitoring node values and abnormal monitoring node values. At least some received monitoring node values may be processed with a deep learning model to determine parameters of the deep learning model (e.g., a weight matrix and affine terms). The parameters of the deep learning model and received monitoring node values may then be used to compute feature vectors. The feature vectors may be spatial along a plurality of monitoring nodes. At least one decision boundary for a threat detection model may be automatically calculated based on the computed feature vectors, and the system may output the decision boundary separating a normal state from an abnormal state for that monitoring node. The decision boundary may also be obtained by combining feature vectors from multiple nodes. The decision boundary may then be used to detect normal and abnormal operation of an industrial asset.

公开(公告)号：US20220357729A1

公开(公告)日：2022-11-10

申请号：US17239054

申请日：2021-04-23

Applicant: GENERAL ELECTRIC COMPANY

Inventor： Rui XU ,  Weizhong YAN ,  Masoud ABBASZADEH ,  Matthew Christian NIELSEN

IPC: G05B23/02 ,  G06N3/04 ,  G06N3/08

Abstract: An industrial asset may have monitoring nodes that generate current monitoring node values representing a current operation of the industrial asset. An abnormality detection computer may detect when a monitoring node is currently being attacked or experiencing a fault based on a current feature vector, calculated in accordance with current monitoring node values, and a detection model that includes a decision boundary. A model updater (e.g., a continuous learning model updater) may determine an update time-frame (e.g., short-term, mid-term, long-term, etc.) associated with the system based on trigger occurrence detection (e.g., associated with a time-based trigger, a performance-based trigger, an event-based trigger, etc.). The model updater may then update the detection model in accordance with the determined update time-frame (and, in some embodiments, continuous learning).

公开(公告)号：US20210182738A1

公开(公告)日：2021-06-17

申请号：US16716685

申请日：2019-12-17

Applicant: GENERAL ELECTRIC COMPANY

Inventor： Paul ARDIS ,  Andrew Cohen ,  Weizhong YAN

IPC: G06N20/20 ,  G06N5/04

Abstract: Some embodiments provide systems and methods associated with an industrial asset. An ensemble of learners (e.g., base learner models) may comprise a digital twin that corresponds to the industrial asset. A learning agent platform (e.g., associated with reinforcement learning), coupled to the ensemble of learners, may manage the ensemble by receiving information about current operation of the industrial asset. The platform may then apply learning to the received information and generate data that modifies the ensemble of learners (e.g., by adding, pruning, and/or modifying models in the ensemble). In some embodiments, a boosting scheme may be employed to enhance decision making by the learning agent platform (e.g., a learner's voting weight might be inversely proportional to its error on a previous batch of information).

公开(公告)号：US20200293033A1

公开(公告)日：2020-09-17

申请号：US16562641

申请日：2019-09-06

Applicant: General Electric Company

Inventor： Lijun HE ,  Honggang WANG ,  Weizhong YAN ,  Liwei HAO

IPC: G05B23/02 ,  G05B15/02 ,  H02J13/00

Abstract: Briefly, embodiments are directed to a system, method, and article for monitoring health of a power system. Input data may be received from one or more sources, where the input data comprises at least measurements of one or more power system assets from one or more phasor measurement units (PMUs). An anomaly may be detected within the power system based on the input data. A determination may be made as to whether the anomaly comprises an asset anomaly of the one or more power system assets. In response to determining that the anomaly comprises an asset anomaly, a characterization may be made as to whether the asset anomaly comprises an equipment anomaly or a sensor anomaly and an alert may be generated to indicate whether the asset anomaly comprises the equipment anomaly or the sensor anomaly based on the characterization.

公开(公告)号：US20190219994A1

公开(公告)日：2019-07-18

申请号：US15984896

申请日：2018-05-21

Applicant: General Electric Company

Inventor： Weizhong YAN ,  Lalit Keshav MESTHA ,  Daniel Francis HOLZHAUER

IPC: G05B23/02 ,  G05B13/02

CPC classification number: G05B23/0254 ,  G05B13/027

Abstract: Heterogeneous monitoring nodes may each generate a series of monitoring node values over time associated with operation of an industrial asset. An offline abnormal state detection model creation computer may receive the series of monitoring node values and perform a feature extraction process using a multi-modal, multi-disciplinary framework to generate an initial set of feature vectors. The model creation computer may then perform feature dimensionality reduction to generate a selected feature vector subset. The model creation computer may derive digital models through a data-driven machine learning modeling method, based on input/output variables identified by domain experts or by learning from the data. The system may then automatically generate domain level features based on a difference between sensor measurements and digital model output. A decision boundary may then be automatically calculated and output for an abnormal state detection model based on the selected feature vector subset and the plurality of derived generated domain level features.

公开(公告)号：US20230058974A1

公开(公告)日：2023-02-23

申请号：US17405387

申请日：2021-08-18

Applicant: General Electric Company

Inventor： Weizhong YAN ,  Matthew Christian NIELSEN ,  Aditya KUMAR

IPC: G06F21/56 ,  G06F21/57 ,  G06N20/00

Abstract: According to some embodiments, a system, method and non-transitory computer readable medium are provided comprising a memory storing processor-executable steps; and a processor to execute the processor-executable steps to cause the system to: receive a first data value of a plurality of data values from a data store, wherein the first data value is from a digital twin model of an industrial asset; determine, via a vulnerability module, whether the received at least one data value is a near boundary case or not a near boundary case; in a case it is determined the first data value is a near boundary case, generate one or more adversarial samples for the first data value; input each of the one or more adversarial samples to the digital twin model; execute the digital twin model to output a system response for each input adversarial sample; determine whether the system response to each input adversarial sample has a negative impact; in a case it is determined the system response has a negative impact for a given input adversarial sample, update a trained attack detection model with the given input adversarial sample; and generate a second decision boundary based on the updated trained attack detection model. Numerous other aspects are provided.

公开(公告)号：US20200292608A1

公开(公告)日：2020-09-17

申请号：US16562711

申请日：2019-09-06

Applicant: General Electric Company

Inventor： Weizhong YAN ,  Honggang WANG ,  Lijun HE

IPC: G01R31/08 ,  G06N20/00 ,  G01R19/25

Abstract: Briefly, embodiments are directed to a system, method, and article for monitoring and diagnosing a status of one or more assets of a power grid system. Input data measurements and training data measurements from one or more data sources relating to the power grid system may be accessed or received. An offline training phase and an online monitoring and diagnosis phase may be performed. During the offline training phase, first features may be extracted from the training measurement data, one or more residual generation models may be trained using the extracted features as model inputs, and one or more residual-based classifiers may be trained. During the online monitoring and diagnosis phase, second features may be extracted from the input measurement data, one or more residuals may be generated based on the extracted second features, and a status of the one or more assets may be determined based on the one or more residuals, where the one or more residuals may comprise a difference between model predicted values and measured values from the one or more data sources. An output may be generated indicating the status of the one or more assets based on the classification of the status.

公开(公告)号：US20200089874A1

公开(公告)日：2020-03-19

申请号：US16132705

申请日：2018-09-17

Applicant: General Electric Company

Inventor： Masoud ABBASZADEH ,  Walter YUND ,  Weizhong YAN

IPC: G06F21/55 ,  G06F21/57 ,  H04L29/06 ,  G06K9/62

Abstract: Monitoring nodes may generate a series of current monitoring node values over time representing current operation of a cyber-physical system. A decision fusion computer platform may receive, from a local status determination module, an indication of whether each node has an initial local status of “normal”/“abnormal” and a local certainty score (with higher values of the local certainty score representing greater likelihood of abnormality). The computer platform may also receive, from a global status determination module, an indication of whether the system has an initial global status of “normal”/“abnormal” and a global certainty score. The computer platform may output, for each node, a fused local status of “normal” or “abnormal,” at least one fused local status being based on the initial global status. The decision fusion computer platform may also output a fused global status of “normal” or “abnormal” based on at least one initial local status.