Abstract:
An industrial asset may have monitoring nodes that generate current monitoring node values representing a current operation of the industrial asset. An abnormality detection computer may detect when a monitoring node is currently being attacked or experiencing a fault based on a current feature vector, calculated in accordance with current monitoring node values, and a detection model that includes a decision boundary. A model updater (e.g., a continuous learning model updater) may determine an update time-frame (e.g., short-term, mid-term, long-term, etc.) associated with the system based on trigger occurrence detection (e.g., associated with a time-based trigger, a performance-based trigger, an event-based trigger, etc.). The model updater may then update the detection model in accordance with the determined update time-frame (and, in some embodiments, continuous learning).
Abstract:
A system for enhanced sequential power system model calibration is provided. The system is programmed to store a model of a device. The model includes a plurality of parameters. The system is also programmed to receive a plurality of events associated with the device, receive a first set of calibration values for the plurality of parameters, generate a plurality of sets of calibration values for the plurality of parameters, for each of the plurality of sets of calibration values, analyze a first event of the plurality of events using a corresponding set of calibration values to generate a plurality of updated sets of calibration values, analyze the plurality of updated sets of calibration values to determine a current updated set of calibration values, and update the model to include the current updated set of calibration values.
Abstract:
According to some embodiments, a plurality of heterogeneous data source nodes may each generate a series of current data source node values over time that represent a current operation of an electric power grid. A real-time threat detection computer, coupled to the plurality of heterogeneous data source nodes, may receive the series of current data source node values and generate a set of current feature vectors. The threat detection computer may then access an abnormal state detection model having at least one decision boundary created offline using at least one of normal and abnormal feature vectors. The abnormal state detection model may be executed, and a threat alert signal may be transmitted if appropriate based on the set of current feature vectors and the at least one decision boundary.
Abstract:
A method for determining fleet conditions and operational management thereof, performed by a central system includes receiving fleet data from at least one distributed data repository. The fleet data is substantially representative of information associated with a fleet of physical assets. The method also includes processing the received fleet data for the fleet using at least one process of a plurality of processes. The plurality of processes assess the received fleet data into processed fleet data. The method additionally includes determining a fleet condition status using the processed fleet data and the at least one process of the plurality of processes. The method further includes generating a fleet response. The fleet response is substantially representative of a next operational step for the fleet of physical assets. The method also includes transmitting the fleet response to at least one of a plurality of fleet response recipients.
Abstract:
A system includes a physical analysis module, a cyber analysis module, and a determination module. The physical analysis module is configured to obtain physical diagnostic information, and to determine physical analysis information using the physical diagnostic information. The cyber analysis module is configured to obtain cyber security data of the functional system, and to determine cyber analysis information using the cyber security data. The determination module is configured to obtain the physical analysis information and the cyber analysis information, and to determine a state of the functional system using the physical analysis information and the cyber analysis information. The state determined corresponds to at least one of physical condition or cyber security threat. The determination module is also configured to identify if the state corresponds to one or more of a non-malicious condition or a malicious condition.
Abstract:
According to some embodiments, a system, method and non-transitory computer-readable medium are provided to protect a cyber-physical system having a plurality of monitoring nodes comprising: a normal space data source storing, for each of the plurality of monitoring nodes, a series of normal monitoring node values over time that represent normal operation of the cyber-physical system; a situational awareness module including an abnormal data generation platform, wherein the abnormal data generation platform is operative to generate abnormal data to represent abnormal operation of the cyber-physical system using values in the normal space data source and a generative model; a memory for storing program instructions; and a situational awareness processor, coupled to the memory, and in communication with the situational awareness module and operative to execute the program instructions to: receive a data signal, wherein the received data signal is an aggregation of data signals received from one or more of the plurality of monitoring nodes, wherein the data signal includes at least one real-time stream of data source signal values that represent a current operation of the cyber-physical system; determine, via a trained classifier, whether the received data signal is a normal signal or an abnormal signal, wherein the trained classifier is trained with the generated abnormal data and normal data; localize an origin of an anomaly when it is determined the received data signal is the abnormal signal; receive the determination and localization at a resilient estimator module; execute the resilient estimator module to generate a state estimation for the cyber-physical system. Numerous other aspects are provided.
Abstract:
Briefly, embodiments are directed to a system, method, and article for identifying power system event signatures. Input measurement data may be received from one or more data sources relating to a power grid system. The input measurement data may comprise normal system operation measurement data and power system event measurement data. A processor may perform operations during an online application phase. During the online application phase, a feature matrix may be generated for the power system event measurement data and the at least one trained auto-associative model. The feature matrix for the power system event measurement data may be processed to determine power system event residuals. Also during the online application phase, the power system event signatures may be identified based on residual statistics for normal system operation measurement data residuals and on the power system event residuals.
Abstract:
According to some embodiments, a system, method and non-transitory computer-readable medium are provided to protect a decision manifold of a control system for an industrial asset, comprising: a detection and neutralization module including: a decision manifold having a receiver configured to receive a training dataset comprising data, wherein the decision manifold is operative to generate a first decision manifold with the received training dataset; and a detection model; a memory for storing program instructions; and a detection and neutralization processor, coupled to the memory, and in communication with the detection and neutralization module and operative to execute program instructions to: receive the first decision manifold, wherein the first decision manifold separates a normal operating space from an abnormal operating space; determine whether there are one or more inadequacies with the detection model; generate a corrected decision manifold based on the determined one or more inadequacies with the detection model; receive a projected adversary strategy; generate a resilient decision manifold based on the corrected decision manifold and received projected adversary strategy; and an output configured to output a neutralized signal to operate the industrial asset via the control system. Numerous other aspects are provided.
Abstract:
According to some embodiments, a plurality of monitoring nodes may each generate a series of current monitoring node values over time that represent a current operation of the industrial asset. A node classifier computer, coupled to the plurality of monitoring nodes, may receive the series of current monitoring node values and generate a set of current feature vectors. The node classifier computer may also access at least one multi-class classifier model having at least one decision boundary. The at least one multi-class classifier model may be executed and the system may transmit a classification result based on the set of current feature vectors and the at least one decision boundary. The classification result may indicate, for example, whether a monitoring node status is normal, attacked, or faulty.
Abstract:
Some embodiments are associated with a receipt, at a feature learning platform, of sensor data associated with normal operation of an industrial asset, the sensor data including values for a plurality of sensors over a period of time. The feature learning platform may extract a plurality of features via hierarchically deep learning, which may capture characteristics of normal operation of the industrial asset and provide the learned features to a classification modeling platform. The classification modeling platform may then create classification models utilizing the learned features, and the classification models may be executed to automatically identify a potential anomaly for an operating industrial asset.