Systems and Methods for Cyber-Fault Detection

    Publication No.: US20230071394A1

    Publication Date: 2023-03-09

    Application No.: US17406205

    Filing Date: 2021-08-19

    Abstract: The present disclosure relates to techniques for detecting cyber-faults in industrial assets. Such techniques may include obtaining an input dataset from a plurality of nodes of industrial assets and predicting fault nodes in the plurality of nodes by inputting the input dataset to a one-class classifier. The one-class classifier may be trained on normal operation data obtained during normal operations of the industrial assets. Further, the cyber-fault detection techniques may include computing a confidence level of cyber fault detection for the input dataset using the one-class classifier and adjusting decision thresholds based on the confidence level for categorizing the input dataset as normal or including cyber-faults. The predicted fault nodes and the adjusted decision thresholds may be used for detecting cyber-faults in the plurality of nodes of the industrial assets.

    NON-INTRUSIVE REPLAY ATTACK DETECTION SYSTEM

    Publication No.: US20210185085A1

    Publication Date: 2021-06-17

    Application No.: US16712221

    Filing Date: 2019-12-12

    Abstract: In some embodiments, identifying a replay attack in an industrial control system of an industrial asset includes receiving a first set of time series data associated with an ambient condition of one or more first monitoring nodes at a first location of the industrial control system. An actual system feature value for the industrial asset is determined based upon the first set of time series data. A second set of time series data indicative of the ambient condition at a second location is received, and a nominal system feature value is determined based upon the second set of time series data. A correlation between the actual feature value and the nominal system feature value is analyzed to determine a correlation result. A request received by the industrial control system is selectively categorized as a replay attack based upon the correlation result.

    LOCAL AND GLOBAL DECISION FUSION FOR CYBER-PHYSICAL SYSTEM ABNORMALITY DETECTION

    Publication No.: US20200089874A1

    Publication Date: 2020-03-19

    Application No.: US16132705

    Filing Date: 2018-09-17

    Abstract: Monitoring nodes may generate a series of current monitoring node values over time representing current operation of a cyber-physical system. A decision fusion computer platform may receive, from a local status determination module, an indication of whether each node has an initial local status of “normal”/“abnormal” and a local certainty score (with higher values of the local certainty score representing greater likelihood of abnormality). The computer platform may also receive, from a global status determination module, an indication of whether the system has an initial global status of “normal”/“abnormal” and a global certainty score. The computer platform may output, for each node, a fused local status of “normal” or “abnormal,” at least one fused local status being based on the initial global status. The decision fusion computer platform may also output a fused global status of “normal” or “abnormal” based on at least one initial local status.

    SITUATION AWARENESS AND DYNAMIC ENSEMBLE FORECASTING OF ABNORMAL BEHAVIOR IN CYBER-PHYSICAL SYSTEM

    Publication No.: US20200067969A1

    Publication Date: 2020-02-27

    Application No.: US16108742

    Filing Date: 2018-08-22

    Abstract: A plurality of monitoring nodes may each generate a time-series of current monitoring node values representing current operation of a cyber-physical system. A feature-based forecasting framework may receive the time-series and generate a set of current feature vectors using feature discovery techniques. The feature behavior for each monitoring node may be characterized in the form of decision boundaries that separate normal and abnormal space based on operating data of the system. A set of ensemble state-space models may be constructed to represent feature evolution in the time-domain, wherein the forecasted outputs from the set of ensemble state-space models comprise anticipated time evolution of features. The framework may then obtain an overall features forecast through dynamic ensemble averaging and compare the overall features forecast to a threshold to generate an estimate associated with at least one feature vector crossing an associated decision boundary.

    Systems and Methods for Self-Adapting Neutralization Against Cyber-Faults

    Publication No.: US20230075736A1

    Publication Date: 2023-03-09

    Application No.: US17406246

    Filing Date: 2021-08-19

    Abstract: The present disclosure provides techniques for implementing self-adapting neutralization against cyber-faults within industrial assets. The disclosed neutralization techniques may include obtaining an input dataset from a plurality of nodes of industrial assets and reconstructing compromised nodes in the plurality of nodes to neutralize cyber-faults detected based on the input dataset. A confidence metric may be computed for the reconstruction of the compromised nodes, e.g., using inductive conformal prediction. Based on the confidence metric and the reconstruction of the compromised nodes, input signals from the reconstruction of the compromised nodes may be transformed, or configuration parameters for a controller of the industrial assets may be tuned.

    REPLACING VIRTUAL SENSORS WITH PHYSICAL DATA AFTER CYBER-ATTACK NEUTRALIZATION

    Publication No.: US20210084056A1

    Publication Date: 2021-03-18

    Application No.: US16574558

    Filing Date: 2019-09-18

    Abstract: An industrial asset may have a plurality of monitoring nodes, each monitoring node generating a series of monitoring node values over time representing current operation of the industrial asset. An abnormality detection computer may determine that an abnormal monitoring node is currently being attacked or experiencing a fault. Responsive to an indication that a monitoring node is currently being attacked or experiencing a fault, the system may automatically replace monitoring node values from the at least one abnormal monitoring node currently being attacked or experiencing a fault with virtual node values. The system may also determine when the abnormal monitoring node or nodes will switch from the virtual node values back to monitoring node values.

    INTELLIGENT DATA AUGMENTATION FOR SUPERVISED ANOMALY DETECTION ASSOCIATED WITH A CYBER-PHYSICAL SYSTEM

    Publication No.: US20200322366A1

    Publication Date: 2020-10-08

    Application No.: US16374067

    Filing Date: 2019-04-03

    Abstract: A Cyber-Physical System (“CPS”) may have monitoring nodes that generate a series of current monitoring node values representing current operation of the CPS. A normal space data source may store, for each monitoring node, a series of normal monitoring node values representing normal operation of the CPS. An abnormal data generation platform may utilize information in the normal space data source and a generative model to create generated abnormal data to represent abnormal operation of the CPS. An abnormality detection model creation computer may receive the normal monitoring node values (and generate normal feature vectors) and automatically calculate and output an abnormality detection model including information about a decision boundary created via supervised learning based on the normal feature vectors and the generated abnormal data.

    FRAMEWORK FOR CYBER-PHYSICAL SYSTEM PROTECTION OF ELECTRIC VEHICLE CHARGING STATIONS AND POWER GRID

    Publication No.: US20200233956A1

    Publication Date: 2020-07-23

    Application No.: US16255073

    Filing Date: 2019-01-23

    Abstract: Some embodiments provide a system to protect an electric vehicle charging infrastructure. An electric vehicle charging site may receive AC power from a power grid and provide DC power to electric vehicles. The charging site may include a plurality of monitoring nodes each generating a series of current monitoring node values over time that represent a current operation of the electric vehicle charging infrastructure. A supply equipment communication controller may receive an access request from an access requestor associated with an electric vehicle, the access request being associated with a platform certificate. A secondary actor policy decision point at the charging site may evaluate the access requestor's identity and respond with an action message allowing high-level communication with the access requestor to proceed. Note that information associated with the current monitoring node values and/or the access request may be stored in a secure, distributed transaction ledger (e.g., an attestation blockchain).

    HYBRID FEATURE-DRIVEN LEARNING SYSTEM FOR ABNORMALITY DETECTION AND LOCALIZATION

    Publication No.: US20200099707A1

    Publication Date: 2020-03-26

    Application No.: US16138408

    Filing Date: 2018-09-21

    Abstract: A cyber-physical system may have a plurality of monitoring nodes each generating a series of current monitoring node values over time representing current operation of the system. A data-driven features extraction computer platform may receive the series of current monitoring node values and generate current data-driven feature vectors based on the series of current monitoring node values. A residual features extraction computer platform may receive the series of current monitoring node values, execute a system model and utilize a stochastic filter to determine current residual values, and generate current residual-driven feature vectors based on the current residual values. An abnormal detection platform may then receive the current data-driven and residual-driven feature vectors and compare the current data-driven and residual-driven feature vectors with at least one decision boundary associated with an abnormal detection model. An abnormal alert signal may then be transmitted when appropriate based on a result of said comparison.
