-
Publication No.: US20190260768A1
Publication date: 2019-08-22
Application No.: US15899903
Application date: 2018-02-20
Applicant: General Electric Company
Inventor: Lalit Keshav MESTHA, Olugbenga ANUBI, Justin Varkey JOHN
IPC: H04L29/06
Abstract: In some embodiments, an Unmanned Aerial Vehicle (“UAV”) system may be associated with a plurality of monitoring nodes, each monitoring node generating a series of monitoring node values over time that represent operation of the UAV system. An attack detection computer platform may receive the series of current monitoring node values and generate a set of current feature vectors. The attack detection computer platform may access an attack detection model having at least one decision boundary (e.g., created using a set of normal feature vectors and a set of attacked feature vectors). The attack detection model may then be executed and the platform may transmit an attack alert signal based on the set of current feature vectors and the at least one decision boundary. According to some embodiments, attack localization and/or neutralization functions may also be provided.
-
Publication No.: US20170364674A1
Publication date: 2017-12-21
Application No.: US15528266
Application date: 2014-11-20
Applicant: General Electric Company
Inventor: Robert William GRUBBS, Justin Varkey JOHN
CPC classification number: G06F21/36, G06F21/32, G06F21/34, G06F21/40, G06K7/1413, G06K7/1417, G06K19/10
Abstract: Systems and methods are described for accessing a secure system requiring multi-point authentication by receiving an optical image, wherein the optical image includes at least a portion of an identification badge; determining a plurality of characteristics from the optical image of at least a portion of the identification badge; comparing one or more of the plurality of characteristics to a database of characteristics of authorized users; assigning a confidence factor based on the comparison; and prompting for a second form of authentication if the confidence factor meets or exceeds a threshold or denying access to the secure system if the confidence factor does not meet or exceed the threshold.
-
Publication No.: US20210084056A1
Publication date: 2021-03-18
Application No.: US16574558
Application date: 2019-09-18
Applicant: GENERAL ELECTRIC COMPANY
Inventor: Masoud ABBASZADEH, Mustafa Tekin DOKUCU, Justin Varkey JOHN
Abstract: An industrial asset may have a plurality of monitoring nodes, each monitoring node generating a series of monitoring node values over time representing current operation of the industrial asset. An abnormality detection computer may determine that an abnormal monitoring node is currently being attacked or experiencing a fault. Responsive to an indication that a monitoring node is currently being attacked or experiencing a fault, the system may automatically replace monitoring node values from the at least one abnormal monitoring node currently being attacked or experiencing a fault with virtual node values. The system may also determine when the abnormal monitoring node or nodes will switch from the virtual node values back to monitoring node values.
-
Publication No.: US20190068618A1
Publication date: 2019-02-28
Application No.: US15683250
Application date: 2017-08-22
Applicant: General Electric Company
Inventor: Lalit Keshav MESTHA, Hema Kumari ACHANTA, Justin Varkey JOHN, Cody Joe BUSHEY
Abstract: In some embodiments, an industrial asset may be associated with a plurality of monitoring nodes, each monitoring node generating a series of monitoring node values over time that represent operation of the industrial asset. A threat detection computer may determine that an attacked monitoring node is currently being attacked. Responsive to this determination, a virtual sensor coupled to the plurality of monitoring nodes may estimate a series of virtual node values for the attacked monitoring node(s) based on information received from monitoring nodes that are not currently being attacked. The virtual sensor may then replace the series of monitoring node values from the attacked monitoring node(s) with the virtual node values. Note that in some embodiments, virtual node values may be estimated for a particular node even before it is determined that the node is currently being attacked.
-
Publication No.: US20170359366A1
Publication date: 2017-12-14
Application No.: US15179034
Application date: 2016-06-10
Applicant: General Electric Company
Inventor: Cody Joe BUSHEY, Lalit Keshav MESTHA, Daniel Francis HOLZHAUER, Justin Varkey JOHN
CPC classification number: H04L63/1433, H04L63/1408, H04L63/1441, H04L67/10, H04L2463/146, H04W4/38
Abstract: In some embodiments, a plurality of real-time monitoring node signal inputs receive streams of monitoring node signal values over time that represent a current operation of the industrial asset control system. A threat detection computer platform, coupled to the plurality of real-time monitoring node signal inputs, may receive the streams of monitoring node signal values and, for each stream of monitoring node signal values, generate a current monitoring node feature vector. The threat detection computer platform may then compare each generated current monitoring node feature vector with a corresponding decision boundary for that monitoring node, the decision boundary separating a normal state from an abnormal state for that monitoring node, and localize an origin of a threat to a particular monitoring node. The threat detection computer platform may then automatically transmit a threat alert signal based on results of said comparisons along with an indication of the particular monitoring node.
-
Publication No.: US20200076838A1
Publication date: 2020-03-05
Application No.: US16679749
Application date: 2019-11-11
Applicant: General Electric Company
Inventor: Lalit Keshav MESTHA, Hema Kumari ACHANTA, Justin Varkey JOHN, Cody Joe BUSHEY
Abstract: In some embodiments, an industrial asset may be associated with a plurality of monitoring nodes, each monitoring node generating a series of monitoring node values over time that represent operation of the industrial asset. A threat detection computer may determine that an attacked monitoring node is currently being attacked. Responsive to this determination, a virtual sensor coupled to the plurality of monitoring nodes may estimate a series of virtual node values for the attacked monitoring node(s) based on information received from monitoring nodes that are not currently being attacked. The virtual sensor may then replace the series of monitoring node values from the attacked monitoring node(s) with the virtual node values. Note that in some embodiments, virtual node values may be estimated for a particular node even before it is determined that the node is currently being attacked.
-
Publication No.: US20190342318A1
Publication date: 2019-11-07
Application No.: US16511463
Application date: 2019-07-15
Applicant: General Electric Company
Inventor: Daniel Francis HOLZHAUER, Cody Joe BUSHEY, Lalit Keshav MESTHA, Masoud ABBASZADEH, Justin Varkey JOHN
Abstract: According to some embodiments, streams of monitoring node signal values may be received over time that represent a current operation of an industrial asset control system. A current operating mode of the industrial asset control system may be received and used to determine a current operating mode group from a set of potential operating mode groups. For each stream of monitoring node signal values, a current monitoring node feature vector may be determined. Based on the current operating mode group, an appropriate decision boundary may be selected for each monitoring node, the appropriate decision boundary separating a normal state from an abnormal state for that monitoring node in the current operating mode. Each generated current monitoring node feature vector may be compared with the selected corresponding appropriate decision boundary, and a threat alert signal may be automatically transmitted based on results of said comparisons.
-
Publication No.: US20180157838A1
Publication date: 2018-06-07
Application No.: US15371905
Application date: 2016-12-07
Applicant: General Electric Company
Inventor: Cody Joe BUSHEY, Lalit Keshav MESTHA, Justin Varkey JOHN, Daniel Francis HOLZHAUER
CPC classification number: G06F21/57, G06F21/552, G06N99/005, H04L63/1416, H04L63/145, H04L63/1483
Abstract: According to some embodiments, a threat detection model creation computer may receive a series of normal monitoring node values (representing normal operation of the industrial asset control system) and generate a set of normal feature vectors. The threat detection model creation computer may also receive a series of threatened monitoring node values (representing a threatened operation of the industrial asset control system) and generate a set of threatened feature vectors. At least one potential decision boundary for a threat detection model may be calculated based on the set of normal feature vectors, the set of threatened feature vectors, and an initial algorithm parameter. A performance of the at least one potential decision boundary may be evaluated based on a performance metric. The initial algorithm parameter may then be tuned based on a result of the evaluation, and the at least one potential decision boundary may be re-calculated.
-
Publication No.: US20220329613A1
Publication date: 2022-10-13
Application No.: US17228191
Application date: 2021-04-12
Applicant: General Electric Company
Inventor: Masoud ABBASZADEH, Matthew Christian NIELSEN, Weizhong YAN, Justin Varkey JOHN
IPC: H04L29/06
Abstract: According to some embodiments, a system, method, and non-transitory computer readable medium are provided comprising a plurality of real-time monitoring nodes to receive streams of monitoring node signal values over time that represent a current operation of the cyber physical system; and a threat detection computer platform, coupled to the plurality of real-time monitoring nodes, to: receive the monitoring node signal values; compute an anomaly score; compare the anomaly score with an adaptive threshold; and detect that one of a particular monitoring node and a system is outside a decision boundary based on the comparison, and classify that particular monitoring node or system as anomalous. Numerous other aspects are provided.
-
Publication No.: US20220327204A1
Publication date: 2022-10-13
Application No.: US17228162
Application date: 2021-04-12
Applicant: General Electric Company
Inventor: Masoud ABBASZADEH, Weizhong YAN, Justin Varkey JOHN, Matthew Christian NIELSEN
Abstract: According to some embodiments, a system, method and non-transitory computer readable medium are provided comprising a plurality of real-time monitoring nodes to receive streams of monitoring node signal values over time that represent a current operation of the cyber physical system; a local status determination module comprising an ensemble of local agents, the module adapted to determine an anomaly status for one or more nodes; a global status determination module comprising an ensemble of global agents, the module adapted to determine an anomaly status for the cyber physical system; a threat detection computer platform comprising a memory and a computer processor, the threat detection computer platform coupled to the plurality of real-time monitoring nodes and adapted to: receive the monitoring node signal values, generate feature vectors from the received monitoring node signal values; compare via the local status determination module the feature vectors with at least one decision boundary associated with a local abnormal detection model; compare via the global status determination module the feature vectors with at least one decision boundary associated with a global abnormal detection model; and transmit an abnormal alert signal from the local status determination module and the global status determination module based on a result of each comparison. Numerous other aspects are provided.